completely ridiculous API (crAPI)

API Security Project aims to present unique attack & defense methods in API Security field

A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Security vulnerabilities within your own API Security CTF.

This repository was developed using .NET 7.0 API technology based on findings listed in the OWASP 2019 API Security Top 10.

Tests your API automatically for common API vulnerabilities. Project is still Work In Progress. PRs are appreciated.

API Penetration Testing Notes

OWASP (Open Web Application Security Project) publishes a list of the top 10 security risks associated with web applications, including those related to APIs (Application Programming Interfaces). Here are the OWASP API Security Top 10 vulnerabilities, explained

API Returning/Manipulating Resources and Validating Input; Services, Dependency Injection and Entity Framework Core; Searching, Filtering, and Paging Resources; Securing, Versioning, Documenting and Rate Limiting API; Unit Testing; Consuming API with HttpClientFactory; Managing Data Display and User Input; AJAX Requests; Ensuring Web App Security;

Complete Package of API Firewalll (wallarm) with controller and panel

A complete package for security testing of REST, SOAP and GraphQL APIs for vulnerabilities.

This is a Python based API-Security framework containing ApiSecurityHeader.py script which will check the Security response headers mentioned in OWASP Secure Headers Project are present and contains the required value.

This project showcases a comprehensive implementation of authorization and middleware in a Laravel application. The focus is on demonstrating how to manage user permissions and protect routes using Laravel’s built-in authorization features and custom middleware.

Aakarshit,Bhaskar,Ayush