
How to Scan API Endpoints Using a Postman Schema?

Speaker 1: Welcome to NexPloit. In this video, you will learn how to scan API endpoints directly using a predefined Postman collection schema. NexPloit can parse an uploaded Postman collection schema to define the attack surface of the target and optimize the selected security tests for a scan to be successful. Please make sure that you’re using a valid schema which is configured in compliance with the standard specification. You can find more information about the supported versions and configuration requirements on our knowledge base. Let’s get started.

Go to the NexPloit application in the left pane. Select the Scans option and click New Scan to create a basic scan with minimal settings. Use the default standard setup mode. Alternatively, you can configure extended parameters for a new scan in the advanced setup mode. In this video we are using the standard setup mode. From the Scan Targets dropdown list, select API endpoints via schema. From the API Settings dropdown list, select Postman. If your Postman schema includes environment variables, you must provide the correct values for them so that NexPloit can parse it properly. If the variables are not included entirely in the schema, you can specify them in the Variables section. To upload the schema, click the clip icon and select the required file from your storage. If the schema is configured incorrectly, NexPloit cannot accept the file and displays an error message. In this case, we recommend reading the troubleshooting section on our knowledge base to help you fix the problem quickly. If your schema has been uploaded successfully but you want to edit it before running a scan, you can do that in the current New Scan dialog. Go to the Schema Editor tab, make the required changes to the schema and then proceed with the scan settings.

Note that some API endpoints might be unauthorized for a direct scan from the cloud. In this case, you will need to select a running Repeater from the dropdown list in the Scan Details section. Enter a name and select the project for the scan. That’s it. You’ve completed the setup. Now click Start Scan. You can monitor the scan process and check the results on the Scans page. Thanks for watching and happy scanning with NexPloit from all of us at NeuraLegion.

| Testing variance | Using Legacy DAST | Using Dev-Centric DAST |
|---|---|---|
| % of orgs knowingly pushing vulnerable apps & APIs to prod | 86% | 50% |
| Time to remediate > Med vulns in prod | 280 days | < 150 days |
| % of > Med vulns detected in CI, or earlier | < 5% | ~55% |
| Dev time spent remediating vulns | - | Up to 60x faster |
| Happiness level of Engineering & AppSec teams | - | Significantly improved |
| Average cost of data breach (US) | $7.86M | $7.86M |