Editing built-in test
This document guides users on how to edit built-in tests using the Akto dashboard. It provides instructions on selecting and editing pre-existing tests. You can select any test from the test-library and start editing. Here are the steps to follow:
On the Akto dashboard, navigate to the Test Editor section in the left navigation bar.
Select test editor from Left-nav
Click on any test from the list of tests in the test editor. For instance, let's click on Broken User Authentication and then on the test named Broken Authentication by removing auth token. This will display a YAML template with an ID of REMOVE_TOKEN.
Click on the YAML file to make changes. For example, if you want a custom description for a test, simply delete the old description and replace it with a new one, such as My Custom Description for Broken Authentication Test.
description: My Custom Description for Broken Authentication Test
Edit the YAML
Click on the Save icon located at the top of the page to create your first custom template. Your new template will be visible in the Custom section.
The new test shows up in Custom section
👉🏻 Please note that these changes will not affect the default Akto template. It will only create a new edited template available only to you.
Let's take a few more examples to see how the custom template feature can be useful and how to use it to create tests specific to your requirements.
- 1. Search for the test Possible Dos by Pagination misconfiguration: type this in the search bar in the top left corner, then click on Possible Dos by Pagination misconfiguration.
- 2. If we review the API selection filters of the above YAML, we will see the following:
API selection filters
api_selection_filters:
  query_param:
    for_one:
      key:
        or:
          - regex: .*limit.*
          - regex: .*size.*
          - regex: .*page.*
        extract: limitKey
      value:
        extract: limitValue
  response_payload:
    length:
      extract: original_length
The above YAML code is part of the API selection filters in the Akto dashboard. It applies a condition on query parameter keys: a key must satisfy at least one of the three regex conditions, namely .*limit.*, .*size.*, and .*page.*. If a query parameter key satisfies this condition, it is extracted into the variable limitKey, and the value associated with the key is extracted into limitValue. Finally, the response payload length is extracted into the variable original_length.
- 3. Suppose we only want to run this test on endpoints that have a response code of 2xx. We can easily make these changes and create our own custom test. YAML syntax for the new filter:
yaml with response code filter
response_code:
  gte: 200
  lte: 205
- 4. The final filter would look like this:
Final filter
api_selection_filters:
  response_code:
    gte: 200
    lte: 205
  query_param:
    for_one:
      key:
        or:
          - regex: .*limit.*
          - regex: .*size.*
          - regex: .*page.*
        extract: limitKey
      value:
        extract: limitValue
  response_payload:
    length:
      extract: original_length
- 5. Let's make these changes in the Akto test.
- 6. Let's save the changes. This would now create your own custom template. Yay!
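To see which traffic the final filter from step 4 would select before saving the template, here is a small local model of it, added as an example and not Akto's own code. It assumes Python `re` matching (case-sensitive) and measures the response length in characters; the URLs, status codes and bodies are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Values copied from the final filter on this page; the dict layout is hypothetical.
FILTER = {
    "response_code": {"gte": 200, "lte": 205},
    "key_regexes": [r".*limit.*", r".*size.*", r".*page.*"],
}

def select(url, status, body):
    """Return the extracted variables if the sample passes the filter, else None."""
    rc = FILTER["response_code"]
    if not (rc["gte"] <= status <= rc["lte"]):
        return None
    # for_one: one query parameter whose key matches any of the regexes is enough.
    for key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if any(re.fullmatch(rx, key) for rx in FILTER["key_regexes"]):
            return {"limitKey": key, "limitValue": value,
                    "original_length": len(body)}
    return None

# Constructed sample traffic: (url, response status, response body)
SAMPLES = [
    ("https://api.example.test/orders?limit=10", 200, '{"orders":[1,2,3]}'),
    ("https://api.example.test/orders?limit=10", 404, '{"error":"not found"}'),
    ("https://api.example.test/users?pageSize=50&sort=asc", 201, "[]"),
    ("https://api.example.test/users?sort=asc", 200, "[]"),
    ("https://api.example.test/report?homepage=1", 206, "partial"),
]

def run():
    """Apply the filter to every constructed sample, in order."""
    return [select(*sample) for sample in SAMPLES]

if __name__ == "__main__":
    for (url, status, _), result in zip(SAMPLES, run()):
        print(status, url, "->", result)
```

Two things the run makes visible: a 206 response falls outside the 200 to 205 range, and the unanchored `.*page.*` pattern also selects a key such as `homepage` when the status is in range.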