Postman Security Test Generator

Postman Security Test Generator can be used to execute role based security tests under applications.

For role based applications, security tests can be a burden to create and maintain. Each endpoint must be tested for every role in the system to ensure you are not allowing unsecured access.

To properly use this collection, the assumption is made that you have defined roles and you pass in a role to each of your requests. Why?

Part of a role based application is explicitly granting or denying access to users given a role they currently have. This allows for enhanced security, cleaner code, and a well defined structure of permissions and actions.

The postman security test generator will look at your OpenAPI spec, generate, and execute an exhaustive test to validate your endpoints are locked down like they should be.

For Example: V1 of the security test generator puts a focus on role based applications that use a special header in every request to let the api know which role the user is operating as. This pattern may be adapted to other use cases in the future, but to illustrate the premise, a manual header was necessary.