Issue 45: API Security Testing With Postman and OWASP Zap

🕒 5 MIN READ | Published on: February 16, 2022

This is Software Testing Notes, a newsletter that goes out every Wednesday. I republish it here for sharing and referencing.

Hello there! 👋

Welcome to the 45th edition of Software Testing Notes, a weekly newsletter featuring must-read content on Software Testing. I hope this week has been good for you so far.

Describing quality can be quite hard, even for someone with years of experience. But it doesn’t always have to be. Just drop all the hard-to-use jargon and you will find that it’s not actually as hard as everyone seems to be making it.

An approach to quality can be very personal, and many people use and change theirs depending on the context of the team or their own personal context.

I came across this great article describing Quality Principles from the personal perspective of Dave Westerveld. I very much like what Dave said about relating software to people.

“We write software so that we can make people’s lives better.”

With that being said, let's dig into this week’s curated links. I have lots of nice reads for you this week. Hit reply or post a comment and let me know what your favorite is!

📚 On Testing

The Ultimate Software Test Planning Checklist by Matthew Heusser

One way to look at a test plan is as a collection of risks worth managing. Matthew Heusser shares a checklist in this article and provides ideas for what those risks might be and how to handle them, along with what to call out of scope.

Set of skills for Software Tester by Klaudia Dziubek

To become a good tester, you need both technical and soft skills. In this post, Klaudia Dziubek shares 5 soft skills and 5 technical skills that are the best set for every tester.

Model, Oracle, and Perceived Quality by Ravisuriya

In this blog post, Ravisuriya shares his interpretation of Model, Oracle and Perceived Quality and his understanding of them.

Testing Exceptions: Harder Than It Looks by William Wake

Exceptions are hard, that’s why they are exceptions, right? 😂 William Wake explores this and looks at a refactoring to move code to use the lambda / closure approach.

Blockchain Testing by Afsal Backer

Blockchain has become a buzzword in the tech world lately. But how exactly do you go about testing it? This article by Afsal Backer explains everything you need to know to get started.

➜ Read all curated stuff on Software Testing here.

⚙️ Automation

3 mindset shifts to succeed with test automation by Daniel Burns

Creating lasting change requires changes to the tools, the processes, and, most importantly, the mindset of the stakeholders involved. Daniel Burns shares the 3 mindset changes that must be achieved in order to succeed with test automation for the long term.

Two Easy Questions to Help You Automate the Right Tests by Dennis Martinez

With testing, it's tough to know what's the right thing to automate. Dennis Martinez lays out two questions which will help guide you towards the right path.

Writing better command chains in Cypress by Filip Hric

In this post, Filip Hric explores some of the core principles of Cypress chains and how understanding them can help you write better tests.

Running Selenium tests on multiple browsers by Steve Mellor

A great step-by-step walkthrough by Steve Mellor of running Selenium tests on multiple browsers.

Using Pact Webhooks to Improve Contract Testing by Marie Drake

Pact Webhooks allow you to automate more of your contract testing efforts and, along with the can-i-deploy command, they ensure that consumers and providers are adhering to the data contract before changes are deployed to production. Learn how to use them in this post by Marie Drake.

How to automate API testing with Azure Devops and Postman? by Kalle Marjokorpi

A very detailed article on configuring API requests on Postman and executing them on Azure DevOps. Kalle Marjokorpi did a really great job in this article.

➜ Read all curated stuff on Software Testing Automation here.

💨 Performance

Measuring user flow performance with Lighthouse and WebdriverIO by Hugh McCamphill

The new Lighthouse user-flow API provides extra possibilities for analyzing front-end performance across a user flow. As shown in this article by Hugh McCamphill, you can leverage existing WebdriverIO code to do any required navigation and form filling.

➜ Read all curated stuff on Performance Testing here.

🛡️ Security

High-level Ways To Improve Application Security Through Testing by Pricilla White

Take a look at some industry-standard and high-level ways to improve application security.

6 Main Penetration Testing Types To Uncover Vulnerabilities by Andreea Draniceanu

In this article, Andreea Draniceanu dives into pen testing methodology, approaches to pen testing, and the main types of penetration testing.

The Key Difference Between Vulnerability Scanning And Penetration Testing by Usama Ahmed

Usama Ahmed explores the key differences between vulnerability scanning and penetration testing, and why you should perform vulnerability scans and penetration tests.

API Security Testing With Postman and OWASP Zap by Mohamed Tarek

A great article by Mohamed Tarek on using Postman to send requests to OWASP ZAP in order to start automated pen testing.

Use ZAP to Perform DAST (Dynamic Application Security Testing) by Kishan B

Kishan B shares a step-by-step process for using ZAP to perform security testing.

➜ Read all curated stuff on Security Testing here.

🛠️ Resources & Tools

Toxiproxy: A framework for simulating network conditions made specifically to work in testing, CI, and development environments.

Online guide to understand in detail what data each web browser is leaking and which web browsers offer the best privacy protections.

eslint-plugin-jsx-a11y: Static abstract syntax tree (AST) checker for accessibility rules on JSX elements.

📝 List of Software Testers

It's hard to find good articles and podcasts on Software Testing. It's even harder to find the people who create them. Are you also looking for amazing software testers to follow, or for their content to read? Check out this page dedicated to software testers.

Do you also create content around Software Testing? Submit yours here and I will add it to the list.

😂 And Finally,

Me and my friend are learning Python after school for fun. This is how he names his variables. 😂

Keep Smiling and have a fun week.

📨 Send Me Your Articles, Tutorials, Tools!

Made something? Send links via Direct Message on Twitter @thetestingkit (details here). If you have any suggestions for improvement or corrections, feel free to reply to this email.

👋 Reach Out

You can follow me personally @priteshusdadiya. I give insights into Testing, development & how I'm growing Software Testing Notes.

You can follow @thetestingkit to keep up-to-date on the community & fresh links to read.

Thanks so much for reading,
Pritesh - Software Testing Notes

Did You Enjoy This?

Then consider joining the 1,265 other people getting the Software Testing Notes newsletter. It's a collection of fascinating finds from my week, about a wide range of topics surrounding software testing and whatever else catches my interest.
