APIs Security testing with ReadyAPI.

Security Testing:-

Can System be penetrated by any hacking way. Testing how well the system protects against unauthorized internal and external access checked if system database is safe from external attacks.
Security testing is the most important testing for Web and mobile app. In this testing tester play around the application to find security-related bugs.

API:-

Application Programming interface, It enables communication and data exchange between two separate  system.

Swagger :-

The Real mean of Swagger is “to walk in a way that shows that you are too confident”. Swagger used for Template for API documentation.

ReadyAPI:-

ReadyAPI Contains different type testing instruments for creating test of Website and API. It currently take care by Smart Bear Software. ReadyAPI comes with a licensed version. The best part of ReadyAPI is that handle both Rest and Soap. it’s support WSDL, WADL.

With ReadyAPI we do:-

1.Function Testing.
2.Security Testing.
3.Performance Testing.
4.Virtual APIs.

In ReadyAPI, We can easily manage our APIs and project. We can easily create an APIs from an openAPI, Swagger, WSDL and WADL definition and use Discovery to record API requests and methods.

How to install ReadyAPI:-

1. Go to https://smartbear.com/product/ready-api/overview/ and click on “Start My Free Trial” button for free trial and buy now.
2. After download extract file.
3. Install in linux .sh file for window install .exe file.
4. Open the terminal and run ./ReadyAPI-x64-3.7.0_R850547365914.sh command.
5. After successfully install, launch ReadyAPI.

Add Swagger definition for API security testing:-

1. Select File>>New Security Test.

2. Create a Security test from>>Select “API Definition” & click on “Start” button.

3. API Definition Setup>> Enter URL of API definition. (In our case Enter Swagger API Definition URL)

4. After enter URL click on “Next” button.

5. All APIs Importing form Swagger.

6. Select a project for test, For that time in drop-down list to create a new project.

7. Then Select the scans (Boundary Scan, Fuzzing Scan, SQL Injection etc.) to include in your Security test.

8. And Click on “Finish” button.

9. Successful created a security test. ReadyAPI will offer you to run the security test immediately or edit it before running.

10. So in our case not Edit anything in security test>>Click on “RUN”.

11. ReadyAPI will start static security testing and sending modified requests and checking responses. After the static security testing done will display the results on click “View full Report”.

12. if APIs have some issue>>then progress bar will turn on orange color.

13. Transaction log>> contains a complete log of requests sent during the security test.

14. Summary Report shown as

15. This is a security testing issue of SQL Injection type.