What do you like best about the product?

Pynt focuses on testing apps for issues before production, in the most accurate manner. We found traditional DAST solutions to be inaccurate and slow, but most importantly, not focused on the API layer, producing a lot of false positives, slowing down our CI/CD pipeline. Pynt cuts the time spent on API issues by 90% and dramatically improves the process.

What do you dislike about the product?

Nothing major. It’s a new app so they can improve some UI stuff, but it doesn’t hurt usability.

What problems is the product solving and how is that benefiting you?

Test for API security issues.

What do you like best about the product?

It integrates easily to CI/CD so you can forget about it. It also has tools to differentiate between vulnerabilities (OWASP for example), so you don’t need to prioritize really. In general that results are far more concise and accurate so we don’t need to prioritize, and just get the real verified issues.

What do you dislike about the product?

Nothing really. It makes my life easier.

What problems is the product solving and how is that benefiting you?

Automated api security testing to track verified vulnerabilities, suggested fix, integration to CI/CD, automated pentests

What do you like best about the product?

The thing I like the most about Pynt is how its integration with Docker and CI/CD allows us to streamline our security testing, saving a lot of time and resources.
It has been critical in catching vulnerabilities early and reducing security risks in our APIs.

What do you dislike about the product?

Nothing, the app does a better job than most apps that are available. Most solutions we’ve seen cannot handle business logic and API issues.

What problems is the product solving and how is that benefiting you?

Automated api security testing to track verified vulnerabilities, suggested fix, integration to CI/CD, automated pentests

What do you like best about the product?

Easy to use the product, outstanding support, the tool delivers what we are looking for.
Pynt provides the best accuracy from other tools in the market. We were surprised at its findings and discovered issues we didn’t know we had.

What do you dislike about the product?

There are no negative feedback from my perspective.

What problems is the product solving and how is that benefiting you?

We use Pynt to track API security vulnerabilities, we just started using JIRA to streamline the fixes, and we’re using automated API pentest reports for periodical reviews.

What do you like best about the product?

Pynt found the system that best solves the API security gap. By implementing it on the testing side, our QA can mitigate app security issues before they get into production.
It’s efficient, easy, and helps us level up our QA and dev teams.

What do you dislike about the product?

Actually, nothing special I didn’t like.

What problems is the product solving and how is that benefiting you?

Security testing in the SDLC, application security testing with tools.

What do you like best about the product?

As a penetration tester who has been working in the industry for past couple of years Pynt is the most suitable tool for API security testing. Though there are many other API testing tools in market, Pynt provides more integration with postman and burp suit which makes it easier and less stressful.

What do you dislike about the product?

Initial setup was a bit tricky as we have to install it via PIP. So there's a higher chance for environment variable conflict.

What problems is the product solving and how is that benefiting you?

As pynt runs inside postman collection it enables all kind of tests including business logic. And results are near zero false positive.

What do you like best about the product?

Pynt offers an intuitive UI, making it accessible to developers and testers with varying levels of experience.Pynt integrates well with popular tools like Postman, jenkins, selenium.Pynt's AI powered engine can identify complex business logic issues that can be missed by other tools.
Pynt provides detailed real time reporting which allows users to quickly identify issues.

What do you dislike about the product?

Pynt has a free tier, but honestly, it’s pretty limited. If you’re part of a small team or just testing out the waters, it might not give you everything you need. The more robust features, like deeper automation and advanced reporting, are locked behind a paywall.

What problems is the product solving and how is that benefiting you?

Pynt is helping in automated security testing as manually testing APIs for security flaws can be time-consuming and inconsistent. Pynt automates this process, running tests across your entire API landscape to flag potential risks and weaknesses automatically.
Automated testing saves the time and hassle of manual checks, allowing team to focus on building features rather than hunting for security flaws. It’s a more efficient way to ensure API security without dedicating too many resources.
Pynt also helps in protecting APIs from potential breaches through early vulnerabilities detection.

What do you like best about the product?

Pynt is a remarkable no-code security scanning tool that fills a significant gap in API testing. While many companies rely on Postman for API execution and testing, Postman lacks the capability to validate security vulnerabilities within collections. Pynt steps in to provide that crucial functionality, enabling seamless verification of existing Postman collections to uncover potential vulnerabilities.

One of the standout features of Pynt is its ease of use. Being Docker-based, it requires minimal setup, allowing users to get started quickly. The user interface is intuitive and user-friendly, making it accessible to both technical and non-technical users. I highly recommend Pynt for anyone looking to enhance their API security testing.

What do you dislike about the product?

At present, I don't see any significant drawbacks with the Pynt tool. I had previously provided feedback on improving the HTML reporting feature, and I'm impressed by how swiftly the Pynt team, especially Ofer and Tzvika, addressed it. Their responsiveness to user feedback and commitment to continuous improvement is commendable. Pynt is a tool that evolves with its users' needs, and I look forward to seeing more enhancements in the future.

Additional Thoughts:
Pynt is not just a tool; it's a solution that empowers teams to elevate their API security practices. Its integration with existing workflows and the proactive support from the Pynt team make it a standout choice for any organization serious about API security. The fact that it's easy to set up and use means it can be quickly adopted without disrupting current processes, making it a vital asset for developers and testers alike.

What problems is the product solving and how is that benefiting you?

Pynt solves key challenges in API security testing, particularly in detecting vulnerabilities within API collections that traditional tools like Postman miss. By integrating seamlessly with Postman, Pynt enables teams to uncover and address security risks efficiently.

Its no-code approach makes security testing accessible to everyone, regardless of technical expertise, while the Docker-based setup ensures quick and easy integration into existing workflows. Pynt’s user-friendly interface promotes team collaboration, making security a shared responsibility. The Pynt team's responsiveness to feedback and continuous improvements make it a vital tool for robust API security.

What do you like best about the product?

I've been using Pynt for several months now, and it has become an indispensable tool for our API security testing. Here’s a detailed look at my experience and why I highly recommend it to others in the industry.

Broad Capabilities:

Pynt offers a robust suite of features that extends beyond its notable integrations, such as Postman. What stands out is its comprehensive approach to API security testing. Whether you're working with REST, SOAP, or GraphQL APIs, Pynt has the capabilities to thoroughly test and secure them. The platform provides in-depth vulnerability assessments and compliance checks, which are crucial for maintaining the security and integrity of our applications.

Versatility and Integrations:

While Pynt's integration with Postman is a highlight, it's worth noting that its value extends much further. The tool integrates seamlessly with various CI/CD pipelines and other security tools, which enhances our workflow and ensures that security checks are a continuous part of our development process. This flexibility allows for better customization and integration into our existing systems, making security testing a natural part of our development cycle.

Clarity on Offerings:

Pynt offers a "free tier" that is particularly beneficial for small teams or individual developers. This tier provides access to essential features that allow users to get a feel for the platform's capabilities before committing to more advanced plans. It's important to clarify that while there is a free tier, some advanced features are part of the paid plans. This structure helps users scale their usage according to their needs and budget.

Ease of Use and Impact:

One of the most impressive aspects of Pynt is its user-friendly interface. The platform is intuitive, with well-organized dashboards and easy-to-navigate menus. This makes it accessible even for those who may not have extensive experience with API security tools. The visual representation of data and results is particularly helpful, allowing users to quickly understand vulnerabilities and take appropriate action.

Authentic Experience:

My experience with Pynt has been positive overall. The tool has effectively identified several critical vulnerabilities that we were previously unaware of, helping us address these issues before they could become major problems. The support team has also been responsive and helpful whenever we had questions or needed assistance, which further enhances the overall experience.

Conclusion:

In summary, Pynt is a powerful and versatile tool for API security testing. Its broad capabilities, extensive integrations, and user-friendly design make it a valuable asset for any team concerned with securing their APIs. The availability of a "free tier" allows users to explore the tool's features, and the supportive team behind it adds to the overall positive experience. I highly recommend Pynt to anyone looking to enhance their API security and streamline their testing processes.

My playlist about Pynt
https://www.youtube.com/playlist?list=PLdLZyV6tp2sqQiCyIPlBeeTCcutV5Rt09

What do you dislike about the product?

Not seen much downside about pynt. Excellent customer support team

What problems is the product solving and how is that benefiting you?

One of the most impressive aspects of Pynt is its user-friendly interface. The platform is intuitive, with well-organized dashboards and easy-to-navigate menus. This makes it accessible even for those who may not have extensive experience with API security tools. The visual representation of data and results is particularly helpful, allowing users to quickly understand vulnerabilities and take appropriate action.

What do you like best about the product?

Pynt created a very easy approach to DAST scanning by proxying network calls. This approach helps circumvent the hardest part of setting up DAST - getting authentication working in a test account. Using in CICD pipeline, we are frequently using this tool for our day to day uses. Also it provides slack community support, which caters to resolving issues faster.

What do you dislike about the product?

While the postman integration works smoothly, it would be better if you can provide out of the box HTML report, which can be readily shared with our stakeholders like CTO and VP of engineering.

What problems is the product solving and how is that benefiting you?

Pynt is easy to use API security testing solution which enables developers and testers to run the security tests against APIs to find and mitigate vulnerabilities throughout the development lifecycle. This has reduced our Infosec clearance cycle which used to take 2 days per API for signoff.