Using Cookies to Store Your Postman Secrets
Lightning Talk on February 4, 2021
Miguel A. Calles
We are testing the production environment.
We want to test an API in a team collection.
We enter our actual username and password.
We complete the test and move on.
We make a collection public.
We decide to make a "quick" change.
We "temporarily" add an API key.
We get a phone call from our boss.
Strong encryption at-rest and in-transit
Postman Sessions
Role-based access control (RBAC)
Strong security program
Protect your account, installation, and computer
Implement user roles with RBAC
Use Postman Sessions
Be careful what you share
Environments (obviously) have no encryption in-use
Avoid syncing with Sessions
Use cookies as a local data store
Done with the UI and scripts.
Must carefully avoid setting Initial Value
Done with the UI and scripts
Must whitelist domain
Principal Solutions and Security Engineer
Published Author
https://MiguelACallesMBA.com
https://ServerlessSecurityBook.com
https://www.linkedin.com/in/miguel-a-calles-mba/
// Pre-request script: read the API key from a local cookie into a
// session-scoped variable so it never has to live in the synced environment.
const cookieJar = pm.cookies.jar();
const cookieName = "xApiKey";
const domain = "postman.galaxy.demo";
cookieJar.get(domain, cookieName, (error, cookie) => {
  if (error) {
    console.error(error);
    pm.variables.set(cookieName, "error");
    return; // do not fall through and overwrite "error" with "missing"
  }
  if (cookie) {
    pm.variables.set(cookieName, cookie);
  } else {
    console.error("Cookie is missing");
    pm.variables.set(cookieName, "missing");
  }
});
// Clean-up: drop the session variable once the request has run.
pm.variables.unset("xApiKey");
// https://postman-quick-reference-guide.readthedocs.io/en/latest/libraries.html
// Pre-request script: the cookie holds only the encryption key; the synced
// environment holds only the AES-encrypted API key (x-api-key-enc).
const cookieJar = pm.cookies.jar();
const sessionVarName = "xApiKey";
const cookieName = "secretKey";
const domain = "postman.galaxy.demo";
cookieJar.get(domain, cookieName, (error, secretKey) => {
  if (error) {
    console.error(error);
    pm.variables.set(sessionVarName, "error");
    return; // do not fall through and overwrite "error" with "missing"
  }
  if (secretKey) {
    // encryption: how the value stored in the environment is produced
    const encryptedText =
      CryptoJS.AES.encrypt('<data-to-encrypt>', secretKey).toString();
    console.log('encryptedText', encryptedText);
    // decryption: recover the plaintext key for this request only
    console.log('secretKey', secretKey);
    const xApiKeyEnc = pm.environment.get('x-api-key-enc');
    console.log('xApiKeyEnc', xApiKeyEnc);
    const xApiKey =
      CryptoJS.AES.decrypt(xApiKeyEnc, secretKey).toString(CryptoJS.enc.Utf8);
    console.log('xApiKey', xApiKey);
    pm.variables.set(sessionVarName, xApiKey);
  } else {
    console.error("Cookie is missing");
    pm.variables.set(sessionVarName, "missing");
  }
});
Photo by krakenimages on Unsplash
Photo by Sarah Kilian on Unsplash
Photo by John Salvino on Unsplash
Photo by Erika Fletcher on Unsplash
Photo by Alexander Sinn on Unsplash
Photo by Christina Branco on Unsplash
Photo by Scott Sanker on Unsplash
Photo by Markus Spiske on Unsplash
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxArtyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptx
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the Situation
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
tonesoftg
tonesoftgtonesoftg
tonesoftg
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
 
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
 

Using Cookies to Store Your Postman Secrets

  • 1. Using Cookies to Store Your Postman Secrets Lightning Talk on February 4, 2021 Miguel A. Calles
  • 2. We are testing the production environment. We want to test an API in a team collection. We enter our actual username and password. We complete the test and move on.
  • 3. We make a collection public. We decide to make a "quick" change. We "temporarily" add an API key. We get a phone call from our boss.
  • 4. Strong encryption at-rest and in-transit Postman Sessions Role-based access control (RBAC) Strong security program
  • 5. Protect your account, installation, and computer Implement user roles with RBAC Use Postman Sessions Be careful what you share
  • 6. Environments (obviously) have no encryption in-use Avoid syncing with Sessions Use cookies as a local data store
  • 7. Done with the UI and scripts. Must carefully avoid setting Initial Value
  • 8. Done with the UI and scripts Must whitelist domain
  • 9.
  • 10. Principal Solutions and Security Engineer Published Author https://MiguelACallesMBA.com https://ServerlessSecurityBook.com https://www.linkedin.com/in/miguel-a-calles-mb a/
  • 11.
  • 12.
        // Pre-request script: read the secret from Postman's local cookie jar into a
        // session variable. Cookies stay on this machine; they are not synced.
        const cookieJar = pm.cookies.jar();
        const cookieName = "xApiKey";
        const domain = "postman.galaxy.demo";
        cookieJar.get(domain, cookieName, (error, cookie) => {
          if (error) {
            console.error(error);
            pm.variables.set(cookieName, "error");
            return; // do not fall through and overwrite the "error" marker with "missing"
          }
          if (cookie) {
            pm.variables.set(cookieName, cookie);
          } else {
            console.error("Cookie is missing");
            pm.variables.set(cookieName, "missing");
          }
        });
  • 14.
        // CryptoJS is available inside the Postman sandbox; see
        // https://postman-quick-reference-guide.readthedocs.io/en/latest/libraries.html
        const cookieJar = pm.cookies.jar();
        const sessionVarName = "xApiKey";
        const cookieName = "secretKey";
        const domain = "postman.galaxy.demo";
  • 15.
        cookieJar.get(domain, cookieName, (error, secretKey) => {
          if (error) {
            console.error(error);
            pm.variables.set(sessionVarName, "error");
            return;
          }
          if (secretKey) {
            // encryption: run once to produce the ciphertext stored in the environment
            const encryptedText = CryptoJS.AES.encrypt('<data-to-encrypt>', secretKey).toString();
            console.log('encryptedText', encryptedText);
  • 16.
            // decryption: the environment holds only ciphertext; the key lives in the cookie
            console.log('secretKey', secretKey); // writes the secret to the Postman console; drop once debugging is done
            const xApiKeyEnc = pm.environment.get('x-api-key-enc');
            console.log('xApiKeyEnc', xApiKeyEnc);
            const xApiKey = CryptoJS.AES.decrypt(xApiKeyEnc, secretKey).toString(CryptoJS.enc.Utf8);
            console.log('xApiKey', xApiKey);
            pm.variables.set(sessionVarName, xApiKey);
          } else {
            console.error("Cookie is missing");
            pm.variables.set(sessionVarName, "missing");
          }
        });
  • 17. Photo by krakenimages on Unsplash Photo by Sarah Kilian on Unsplash Photo by John Salvino on Unsplash Photo by Erika Fletcher on Unsplash Photo by Alexander Sinn on Unsplash Photo by Christina Branco on Unsplash Photo by Scott Sanker on Unsplash Photo by Markus Spiske on Unsplash