DZone Security Zone
Determine the Goals
In Bruce Lee’s famous movie, “Enter the Dragon,” there’s a scene of Bruce on the junk with the other contenders. One of them, Parsons, asks, “What’s your style?” Bruce answers, “The art of fighting without fighting,” after which he tricks Parsons onto the lifeboat, and Parsons is dragged in that boat behind the ship while the onlookers laugh.
Similar to the “What’s your style?” is “What’s your goal?” questions, there is no one right style, and there is no one right goal. Before testing APIs, determine the goals of testing; the goals of testing will help determine the tool specifications. Are there compliance standards to meet? What are the internal departmental and business goals? Are there contractual requirements? Does the SDLC require SAST and DAST to be applied? Does the CISO require RASP and IAST? Define and document the requirements. Remember – if it isn’t documented, it doesn’t exist.
Read the original article: