Rest Assured

If your functional tests are built on Java Rest Assured, you can use pynt command to run API security tests driven by those functional tests.

For example, goat-rest-assured is a Rest Assured based project containing functional tests for the goat vulnerable application. We run it with:

mvn test

Now, to run Pynt on it, we run:

pynt command --cmd "mvn -Dhttp.proxyHost=127.0.0.1 -Dhttp.proxyPort=6666 test" 

SSL Support

If your functional tests enforce SSL certificate verification (e.g. HTTPS), you will need to provide Pynt with a certificate. If your client needs a specific certificate, provide the path to it with --ca-path:

pynt command --cmd "<your test command> -Dhttp.proxyHost=127.0.0.1 -Dhttp.proxyPort=6666 -Dhttps.proxyHost=127.0.0.1 -Dhttps.proxyPort=6666" --ca-path <path to certificate file>

If your client does not use a specific certificate, you will need to generate a certificate file and provide it to Pynt:

Generate a certificate (Linux)

1) Download make_certificate.sh

2) Download openssl.cnf

3) chmod +x make_certificate.sh

4) Generate the certificate: ./make_certificate.sh

5) Create a trust store. You will be prompted to enter a password for the key store (from now on we will assume the trust store is called test.jks and the password is test123456):

keytool -importcert -file ./rootCA.crt -keystore test.jks 

Run Pynt with generated certificate

pynt command --cmd "mvn test -Dhttp.proxyHost=127.0.0.1 -Dhttp.proxyPort=6666 -Dhttps.proxyHost=127.0.0.1 -Dhttps.proxyPort=6666 -Djavax.net.ssl.trustStore=./test.jks -Djavax.net.ssl.trustStorePassword=test123456" --ca-path rootCA.pem
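
A preflight check for the command strings above, as an added example that is not part of Pynt's documentation or tooling: it confirms that the JVM proxy flags point at 127.0.0.1:6666 (the address used in this page's commands) and that a referenced trust store exists and has a password supplied. The function names jvm_prop and check_pynt_cmd are hypothetical.

```shell
#!/bin/sh
# Added example: preflight for the string passed to `pynt command --cmd "..."`.
# Flag names and 127.0.0.1:6666 come from this page's commands; the function
# names are hypothetical.

# jvm_prop CMD NAME: print the value of the first -DNAME=value word in CMD.
jvm_prop() {
  printf '%s\n' "$1" | tr -s ' ' '\n' | while IFS= read -r w; do
    case "$w" in
      "-D$2="*) printf '%s\n' "${w#-D$2=}"; break ;;
    esac
  done
}

# check_pynt_cmd CMD: return 0 if CMD's proxy and trust-store flags are consistent.
check_pynt_cmd() {
  cmd=$1
  rc=0
  for scheme in http https; do
    host=$(jvm_prop "$cmd" "$scheme.proxyHost")
    port=$(jvm_prop "$cmd" "$scheme.proxyPort")
    # The https.* pair is only needed for HTTPS targets, so it may be absent
    # entirely; a half-specified pair is always an error.
    if [ "$scheme" = https ] && [ -z "$host$port" ]; then
      continue
    fi
    if [ "$host" != 127.0.0.1 ] || [ "$port" != 6666 ]; then
      echo "FAIL: $scheme proxy is '$host:$port', expected 127.0.0.1:6666" >&2
      rc=1
    fi
  done
  store=$(jvm_prop "$cmd" javax.net.ssl.trustStore)
  if [ -n "$store" ]; then
    [ -f "$store" ] || { echo "FAIL: trust store '$store' not found" >&2; rc=1; }
    [ -n "$(jvm_prop "$cmd" javax.net.ssl.trustStorePassword)" ] ||
      { echo "FAIL: trustStore set without trustStorePassword" >&2; rc=1; }
  fi
  return "$rc"
}

# The page's first command line passes the check.
check_pynt_cmd "mvn -Dhttp.proxyHost=127.0.0.1 -Dhttp.proxyPort=6666 test" &&
  echo "preflight ok"
```

Run it against the exact string you intend to pass to --cmd before starting Pynt; a non-zero return means one of the flags above is missing or inconsistent.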
