Looking forward to hearing your thoughts and getting your feedback about this. 🙏
Today we released v0.7 of Cherrybomb and I want to tell you about all the new features, and the new integrations we have.
Cherrybomb is our open-source tool that validates your OpenAPI specification. It is designed for use with popular CI/CD tools such as Jenkins and Travis CI.
It is easy to use, and it integrates with these tools to provide a complete API security testing solution.
The active module takes our API testing to a new level by providing not only static testing and auditing of your OAS file (with the passive module), but also a test of the API itself that sends requests and analyzes the responses. The active module tests APIs by verifying that the API follows the specifications dictated in the OAS file and by testing the API for common security vulnerabilities.
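To illustrate what "verifying that the API follows the specifications dictated in the OAS file" can mean in practice, here is a small added example (not Cherrybomb's code or output). It compares one observed response with an OAS fragment and reports undocumented status codes, content types and properties, missing required properties, and type mismatches. `SPEC`, `check_response` and the sample responses are constructed for this illustration.

```python
# Added illustration, not Cherrybomb code. SPEC and the responses are constructed.
SPEC = {"paths": {"/users/{id}": {"get": {"responses": {
    "200": {"content": {"application/json": {"schema": {
        "type": "object",
        "required": ["id", "name"],
        "properties": {"id": {"type": "integer"}, "name": {"type": "string"}},
    }}}},
    "404": {"description": "not found"},
}}}}}

JSON_TYPES = {"string": str, "integer": int, "boolean": bool,
              "object": dict, "array": list}

def check_response(spec, path, method, status, content_type, body):
    """Return findings where an observed response deviates from the OAS."""
    responses = spec["paths"][path][method]["responses"]
    declared = responses.get(str(status), responses.get("default"))
    if declared is None:
        return [f"undocumented status {status}"]
    content = declared.get("content")
    if not content:
        # Spec declares no body for this status; any body is a deviation.
        return ["unexpected response body"] if body else []
    media = content.get(content_type)
    if media is None:
        return [f"undocumented content type {content_type}"]
    schema = media.get("schema", {})
    props = schema.get("properties", {})
    findings = [f"missing required property {name}"
                for name in schema.get("required", []) if name not in body]
    for name, value in body.items():
        if name not in props:
            # Fields the spec never mentions can indicate excessive data exposure.
            findings.append(f"undocumented property {name}")
            continue
        wanted = props[name].get("type")
        py_type = JSON_TYPES.get(wanted)
        # bool is a subclass of int in Python, so reject it for "integer".
        bad_bool = py_type is int and isinstance(value, bool)
        if py_type and (not isinstance(value, py_type) or bad_bool):
            findings.append(f"property {name} is not {wanted}")
    return findings

if __name__ == "__main__":
    leaky = {"id": 7, "name": "alice", "password_hash": "x"}
    for finding in check_response(SPEC, "/users/{id}", "get", 200,
                                  "application/json", leaky):
        print(finding)
```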
There are also the Endpoint and Parameter tables, which sort out and inventory your entire API, using different keys.
API Security Testing can save you time and money by helping you to find and fix vulnerabilities in your code before they are exploited; I wrote an article about it.
By using API Security Testing, you can also ensure that your API is compliant with industry standards and best practices.
There are two ways you can use Cherrybomb:
- You can embed it into your CI pipeline. If you plan on doing that, I would recommend that you go to our website, sign up, go through the CI pipeline integration builder, and copy the Groovy/GitHub Actions snippet built for you. Example:
- You can download it for some tryouts and testing using curl:
curl https://cherrybomb.blstsecurity.com/install | /bin/bash && cherrybomb oas -f "home/Documents/file_openapi.json"
This is a good thing, as it will help to raise the level of security for all APIs. In the longer term, we can expect to see more APIs being developed with security built in from the start. This will help to ensure that APIs are more secure, and will help to protect the data and systems that they interact with.
So I hope that you enjoyed reading my article. If you have ideas or questions, feel free to ask in the comments :)
💪 We are looking for contributors for Cherrybomb; together we can make API security easier and affordable for everyone.