What's New in Syhunt 7.1.10


October 21, 2025

Syhunt API scanner adds support for Postman Collections

Syhunt is proud to announce the expansion of its Syhunt API security scanner with full support for Postman Collections specifications (versions 1.0, 2.0 and 2.1) — further strengthening its API security testing capabilities introduced in version 7.1.9 of Syhunt Hybrid.

Building on its proven expertise in web and mobile application security, Syhunt API now extends its capabilities to support dynamic security testing directly from Postman Collection files, making it easier for development and security teams to assess API endpoints used during testing and integration workflows.

With support for Postman Collections in addition to API Blueprint, OpenAPI, and Swagger formats, Syhunt API continues to deliver comprehensive coverage, detecting over 581 API-specific vulnerabilities across more than 30 categories — including standard and out-of-band attack types — with high accuracy and minimal false positives.

Coming Next: An Ongoing Inventory of APIs

In an upcoming update, Syhunt plans to expand its API coverage into full-spectrum API Attack Surface Management (AASM) by combining dynamic analysis (DAST), log-based discovery, and source-level analysis. The upcoming Syhunt API Plus product will automate the discovery and continuous security testing of all APIs - whether documented, internal, shadow, zombie, orphan, or third-party endpoints.

Improvements in 7.1.10

  • API: added support for Postman Collections API specification format (versions 1, 2 and 2.1).
  • API: improved API Blueprint support.
  • Added integration compatibility with the cloud version of Jira.
  • Code: Added detected programming languages to the top of the scan report.
  • Revised CWE references in the entire Syhunt vulnerability database.
  • Dynamic: improved timeout resilience during spidering stage.
  • Dynamic: additional spidering optimizations and anti-loop prevention.
  • Web UI: Operators can now edit target passwords in the Target Preferences screen, but cannot view them.
  • CLI command: scancore -apiprefdisable:permission_adminscan disables the web UI administrator's permission to launch scans.
  • Fixed: a glitch that could prevent a connector password from being displayed and edited correctly in the web UI.

That's all, for now. Happy bug hunting!
