tldr - powered by Generative AI

• APIs are web apps without a UI, so testing them requires knowledge of HTTP
• Data attacks involve injecting data into a JSON structure, while structural attacks involve manipulating the structure itself
• Gaps in API security testing and defense make it a highly productive area for testing
• Runtime and testing are important for defenders, with posture, insufficient logging and monitoring being strong tools
• API security tools are available for testing and defense

tldr - powered by Generative AI

• Kepler is an open-source tool for automating contract testing and generating test cases
• It offers both SDK and agent implementations to capture requests and responses
• Kepler can be integrated with testing libraries and frameworks
• Kepler is working on adding features such as data protection and test suites