Penetration testing Spring Boot Application with Couchbase Database

Hello!

We have a Spring Boot based application with a Couchbase database. My question is: do you have any tool (or could you suggest one) which can do good and valid testing through the exposed endpoints (described by an OpenAPI config) and can be run as part of a CI/CD pipeline?
One of the most needed features would be the (No)SQL injection report, but unfortunately we haven't found any solution for it yet.
We tried OWASP ZAP, but we haven't had any luck.

Thank you for your answers!

Hello zolkisst,

Thank you for using Couchbase.
I don’t want to give specifics publicly of how our products are security tested, but we do use a range of industry standard tools. For the most part the APIs that Couchbase uses are standard HTTP REST endpoints, so any typical HTTP testing utility will work great. OWASP has a nice cheat sheet to follow when testing REST endpoints: REST Security - OWASP Cheat Sheet Series

Thank you,
Ian McCloy, Principal Product Manager