🔘Pynt for Cypress

Overview

Using Cypress for end-to-end testing in combination with Pynt for automated API security testing is a powerful approach to enhance the security of your web applications.

As part of its API security testing suite, Pynt allows integration with Cypress to automate security scans within your test suites to detect and mitigate vulnerabilities effectively.

Prerequisites

Before integrating Pynt with Cypress, make sure Pynt's prerequisites are met and follow the instructions to install Pynt CLI.

How to Run Pynt with Cypress

Pynt allows you to run API Security tests from Cypress E2E tests using pynt command.

Basic Command

To run Pynt with Cypress, use the following command:

pynt command --cmd "npx cypress run"

This will execute your Cypress tests while Pynt captures all API traffic and performs security analysis.

Running Specific Test Files

To run a specific test file with Pynt:

pynt command --cmd "npx cypress run --spec cypress.spec.cy.js"

Or for tests in subdirectories:

Example with Options

Here's a complete example with common Pynt options:

Configuration Options

Self-Signed Certificates

If your client is. validating SSL and can accept self-signed certificates, use the --self-signed flag:

Custom CA Certificate

If your client needs a specific certificate, provide the path to it with --ca-path:

Application Configuration

Link your scan to a specific application:

Test Naming

Use the --test-name flag to give your security scan a meaningful name:

Allow Errors

To continue security scanning even when tests fail:

Goat Example:

Here's a comprehensive example demonstrating Pynt with Cypress:

Download the test files:

Run Pynt

This will start a Pynt scan on Goat APIs, result should look like: