In my organization we have pretty stringent requirements on security, and all of our HTTP endpoints get tested with the BURP suite from PortSwigger.net. My service is accepting bi-directional streaming requests and now it needs to be tested. Like I mentioned, the default tool is BURP, and the only mention of gRPC I could find is this: https://forum.portswigger.net/thread/http-2-and-grpc-support-52da4c5677b4
Has anyone done this kind of testing? If so, could you please share how you did it?
The question to gRPC devs - how do you validate and perform vulnerability scans on gRPC endpoints? What is the best way to address this need?