mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-18 13:39:40 +03:00
Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal
- Add scripts/agent.py and references/api-reference.md to all remaining skills - Update all 648 LICENSE files: copyright now reads 'Mahipal' - Add implementing-security-monitoring-with-datadog (new skill with full anatomy) - All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
This commit is contained in:
@@ -0,0 +1,56 @@
|
||||
# API Security Testing with Postman — API Reference
|
||||
|
||||
## Tools
|
||||
|
||||
| Tool | Install | Purpose |
|
||||
|------|---------|---------|
|
||||
| Newman | `npm install -g newman` | CLI runner for Postman collections |
|
||||
| Postman | Desktop app from postman.com | Collection creation and manual testing |
|
||||
|
||||
## Newman CLI Commands
|
||||
|
||||
| Command | Description |
|
||||
|---------|-------------|
|
||||
| `newman run <collection.json>` | Execute collection |
|
||||
| `newman run <col> -e <env.json>` | Run with environment variables |
|
||||
| `newman run <col> --reporters cli,json` | Output in CLI and JSON format |
|
||||
| `newman run <col> --reporter-json-export out.json` | Export JSON results |
|
||||
| `newman run <col> --timeout-request 10000` | 10s request timeout |
|
||||
| `newman run <col> --delay-request 100` | 100ms delay between requests |
|
||||
|
||||
## Postman Test Script Functions
|
||||
|
||||
| Function | Description |
|
||||
|----------|-------------|
|
||||
| `pm.response.code` | HTTP response status code |
|
||||
| `pm.response.text()` | Response body as string |
|
||||
| `pm.response.json()` | Parsed JSON response |
|
||||
| `pm.expect(val).to.equal(x)` | Chai assertion |
|
||||
| `pm.expect(val).to.be.oneOf([])` | Value in expected set |
|
||||
| `pm.expect(val).to.not.include(s)` | String not present |
|
||||
| `pm.environment.set(k, v)` | Set environment variable |
|
||||
|
||||
## Collection Schema (v2.1.0)
|
||||
|
||||
```json
|
||||
{
|
||||
"info": {"name": "...", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"},
|
||||
"item": [{"name": "...", "request": {...}, "event": [{"listen": "test", "script": {...}}]}]
|
||||
}
|
||||
```
|
||||
|
||||
## OWASP API Security Tests
|
||||
|
||||
| Test | Postman Assertion |
|
||||
|------|-------------------|
|
||||
| BOLA/IDOR | Expect 403/404 when accessing other user's resource |
|
||||
| Auth bypass | Expect 401 without valid token |
|
||||
| Mass assignment | Expect role field ignored in response |
|
||||
| Injection | Expect no 500 or stack trace in response |
|
||||
| Data exposure | Expect sensitive fields not in response |
|
||||
|
||||
## External References
|
||||
|
||||
- [Postman Learning Center](https://learning.postman.com/)
|
||||
- [Newman Documentation](https://github.com/postmanlabs/newman)
|
||||
- [Postman Test Scripts](https://learning.postman.com/docs/writing-scripts/test-scripts/)
|
||||
Reference in New Issue
Block a user