We’ve released a number of improvements to the Schema-Based Testing capabilities within the Wallarm platform.

Broken Authentication (OWASP API2) Testing

Schema-based Testing now includes extended coverage for Broken Authentication (OWASP API2) issues in OpenAPI-based scans. The new checks help uncover common weaknesses such as missing authentication enforcement, weak token validation, JWT tampering, and exposed credentials in query strings.

Running Tests Without a Test Policy

You can now run tests without creating a predefined Test Policy. All parameters for a test run can be provided directly at runtime, allowing scans to be executed entirely from the command line. This provides greater flexibility for integrating Wallarm testing into automated workflows and CI/CD pipelines.

The capability supports both OpenAPI and Postman-based scans, and the “Generate test run command” wizard helps quickly prepare the required Docker command.

Other Updates

Additional improvements make test management more transparent and configurable.

You can now define success criteria for each test run directly in the UI, specifying the severity level of security issues that will mark a test run as failed.

New status tracking and filtering options also make it easier to monitor progress and review results efficiently.

Schema-Based Testing is available as part of Wallarm Security Testing. Read more about Schema-Based Testing in the documentation.