In Chapter 9, Testing APIs with Postman, and Chapter 10, Static Code Analysis with SonarQube, we talked about test automation with API tests with Postman on the one hand, and with static code analysis with SonarQube on the other hand.

In this chapter, we will discuss how to perform security and penetration tests on a web application using the ZAP tool based on the OWASP recommendations. Then, we will add to our Postman skills, with which we will perform performance tests on APIs. 

This chapter covers the following topics:

• Applying web security and penetration testing with ZAP
• Running performance tests with Postman