OpenAPI<\/a> is a specification for making a kind of “schema” for your APIs.<\/p>\n Postman<\/a> is a tool for building and testing APIS.<\/p>\n BurpSuite DAST<\/a> – dynamic application security testing – is owned by PortSwigger.\u00a0 It’s good for penetration testing.<\/p>\n<\/blockquote>\n \u00a0<\/p>\n Here are the prompts I asked after opening my project:<\/p>\n Voila – have my three files.<\/p>\n BurpSuite added an extra selection for an API scan type, and I hadn’t been able to use it until I had the catalog of API endpoints.<\/p>\n\n\n BurpSuite can take these formats to describe APIs:<\/p>\n\n\n\n SOAP WSDL, Postman Collection, or an OpenAPI definition in YAML or JSON format.<\/p>\n\n\n\n I like to work with yaml files as I work with some devops type things, Docker, and AI Specs (that use markup, I find more akin to yaml). But for grins I generated out both formats, and then the Postman collection. I didn’t try the wsdl.<\/p>\n\n\n\n Example content:<\/p>\n\n\n\n Here’s the file loaded into BurpSuite:<\/p>\n\n\n\n Then you can add authentication if you need to:<\/p>\n\n\n\n The Postman collection looks like this. It actually can import an OpenAPI spec and output a Postman collection.<\/p>\n\n\n\n Postman Collection loaded into Postman tool — ready for use:<\/p>\n\n\n\n So anyway, after you have this all loaded up into BurpSuite — you can run your scan job on the endpoints and hopefully nothing major to fix.<\/p>\n\n\n\n The product test file I generated with the AI in my Chrome browser is in the following file. You can test BurpSuite with it or import it into Postman.<\/p>\n\n\n\n Generating out descriptive schema for your existing applications that AI can well. Working on a Grails API application, I am using with BurpSuite DAST to do some security testing on a regular basis for it. I’ve needed an API list of endpoints for their API security scan feature for quite some time, that’s easy to […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[97,1],"tags":[],"_links":{"self":[{"href":"http:\/\/10kdev.net\/index.php?rest_route=\/wp\/v2\/posts\/1884"}],"collection":[{"href":"http:\/\/10kdev.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/10kdev.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/10kdev.net\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/10kdev.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1884"}],"version-history":[{"count":4,"href":"http:\/\/10kdev.net\/index.php?rest_route=\/wp\/v2\/posts\/1884\/revisions"}],"predecessor-version":[{"id":1897,"href":"http:\/\/10kdev.net\/index.php?rest_route=\/wp\/v2\/posts\/1884\/revisions\/1897"}],"wp:attachment":[{"href":"http:\/\/10kdev.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1884"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/10kdev.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1884"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/10kdev.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1884"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
![\"\"](\"http:\/\/10kdev.net\/wp-content\/uploads\/2025\/10\/image-4-1024x225.png\")
<\/a><\/figure>\n\n\n\n![\"\"](\"http:\/\/10kdev.net\/wp-content\/uploads\/2025\/10\/image-5-1024x353.png\")
<\/a><\/figure>\n\n\n\nopenapi: 3.0.0\ninfo:\n title: Product Management API\n version: 1.0.0\n description: A sample API for managing products.\nservers:\n - url: https:\/\/api.example.com\/v1\n description: Production server\n - url: http:\/\/localhost:8080\/v1\n description: Development server\ntags:\n - name: Products\n description: Operations related to products\npaths:\n \/products:\n get:\n tags:\n - Products\n summary: Get all products\n operationId: getAllProducts\n responses:\n '200':\n description: A list of products\n content:\n application\/json:\n schema:\n type: array\n items:\n $ref: '#\/components\/schemas\/Product'\n post:\n tags:\n - Products\n summary: Create a new product\n operationId: createProduct\n requestBody:\n required: true\n content:\n application\/json:\n schema:\n $ref: '#\/components\/schemas\/NewProduct'\n responses:\n '201':\n description: Product created successfully\n content:\n application\/json:\n schema:\n $ref: '#\/components\/schemas\/Product'\n\n< and so forth .... ><\/code><\/pre>\n\n\n\n![\"\"](\"http:\/\/10kdev.net\/wp-content\/uploads\/2025\/10\/image-7-1024x404.png\")
<\/a><\/figure>\n\n\n\n![\"\"](\"http:\/\/10kdev.net\/wp-content\/uploads\/2025\/10\/image-8-1024x715.png\")
<\/a><\/figure>\n\n\n\n\t\"info\": {\n\t\t\"_postman_id\": \"e2c42dd8-dabe-44fd-b90c-9136d35d9167\",\n\t\t\"name\": \"Product Management API\",\n\t\t\"description\": \"A sample API for managing products.\",\n\t\t\"schema\": \"https:\/\/schema.getpostman.com\/json\/collection\/v2.1.0\/collection.json\",\n\t\t\"_exporter_id\": \"6514261\"\n\t},\n\t\"item\": [\n\t\t{\n\t\t\t\"name\": \"products\",\n\t\t\t\"item\": [\n\t\t\t\t{\n\t\t\t\t\t\"name\": \"{productId}\",\n\t\t\t\t\t\"item\": [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"name\": \"Get a product by ID\",\n< and so forth ... ><\/code><\/pre>\n\n\n\n![\"\"](\"http:\/\/10kdev.net\/wp-content\/uploads\/2025\/10\/image-9.png\")
<\/a><\/figure>\n\n\n\n![\"\"](\"http:\/\/10kdev.net\/wp-content\/uploads\/2025\/10\/image-10-1024x593.png\")
<\/a><\/figure>\n\n\n\n
\n\n\n\n