24 May
Which tool to use to automate REST API pentest
I want to run an automated REST API pentest, and I want to integrate my test into a CI/CD pipeline. Note: I have the OpenAPI specification of the APIs that I want to test. My automated test will be divided into 2 parts:
- Anti-regression testing of the APIs based on known scenarios (happy path and unhappy path)
- Fuzz testing and testing against known vulnerabilities like injection, XSS, etc.
I am exploring some tools like Postman, Burp Suite, and ZAP, but I am not sure which of these tools, or maybe another tool, is better for automating the tests in CI/CD. Can you please advise on what tool to use in order to run such tests in a CI/CD pipeline?