Explore a comprehensive collection of resources designed to enhance the security of your APIs. This repository includes invaluable assets such as checklists, wordlists, GraphQL insights, JSON guides, and Logger++ filters. Additionally, you'll find hands-on labs for practical learning on API vulnerabilities.
- Learn about API basics, types (including REST, GraphQL, and SOAP), essential HTTP request methods, common headers, and key concepts like API objects and actions. Gain insights into the distinctions between SOAP, REST, and GraphQL.
- Learn about the key concepts of GraphQL, including its query language, data types, and operations (queries, mutations, and subscriptions). Explore the components of queries and mutations, the role of the schema, and the powerful tool of GraphQL introspection.
- Learn about JSON's lightweight and human-readable structure, ideal for data transmission and storage in APIs and configuration files. Explore its data types, including strings, numbers, Booleans, NULL values, arrays, and objects.
- A curated collection of Logger++ filters for API requests and responses. Each filter is accompanied by a clear description, making it easy to customize Logger++ for your API security testing and debugging needs.
- A collection of vulnerable API lab setups. This file provides detailed instructions for setting up various vulnerable APIs, including VAmPI, crAPI by OWASP, vAPI, Tiredful-API, vulnapi, Damn Vulnerable GraphQL Application (DVGA), poc-graphql, Websheep, and DVWS-node.
- A comprehensive checklist for API security assessment, covering REST APIs, GraphQL, and more. Test for common vulnerabilities such as Broken Object Level Authorization (BOLA), Mass Assignment, and Improper Assets Management.
- Wordlists of common API paths, endpoints, and parameters, with insights into objects and actions. These resources are valuable for enhancing your API security and testing practices.