Shift Left: Find API Vulnerabilities Faster
We’re excited to announce that Schema-Based Testing is now generally available as part of the Wallarm Security Testing suite.
This release introduces Dynamic Application Security Testing (DAST) for APIs, enabling shift-left API testing and seamless integration into CI/CD pipelines and the wider SDLC.
Key Highlights
Expanded Vulnerability Coverage:
- OWASP API Top 10 risks
- Business Logic flaws (BOLA, BFLA)
- Input validation issues (Injections, RCE, Path Traversal)
- Environment misconfigurations
- GraphQL misconfigurations
Supported Inputs:
- OpenAPI specifications
- Postman collections (for advanced testing of business logic scenarios and access control violations)
Schema-Based Testing runs on a lightweight Docker-based agent, ensuring fast and isolated execution. It supports both one-time scans for quick assessments and continuous testing integrated into CI/CD pipelines, making it flexible for different stages of the development lifecycle.
Test results are available locally for immediate review and are also synced to the Wallarm Console, where issues can be tracked and prioritized. Users can define a configurable risk-level threshold to automatically determine when a test run should fail, aligning security checks with organizational policies. You can learn more in the Wallarm documentation.