awesome-api-security

A collection of awesome API Security tools and resources.

Awesome Repositories

| Name | Description |
| --- | --- |
| awesome-security-apis | A collective list of public JSON APIs for use in security |

Tools

| Name | Description |
| --- | --- |
| Arjun | HTTP parameter discovery suite |
| fuzzapi | Fuzzapi is a tool for REST API pentesting; it uses the API_Fuzzer gem |
| kiterunner | Contextual content discovery tool |
| MindAPI | Organize your API security assessment using MindAPI |
| Astra | Automated security testing for REST APIs |
| Automatic API Attack Tool | Imperva's customizable API attack tool: it takes an API specification as input and generates and runs attacks based on it |

Cheatsheets

| Name | Description |
| --- | --- |
| REST Security Cheat Sheet | REST Security - OWASP Cheat Sheet Series |
| REST Assessment Cheat Sheet | REST Assessment - OWASP Cheat Sheet Series |
| OWASP API Security Top 10 | 42Crunch - OWASP API Security Top 10 |
| GraphQL Cheat Sheet | GraphQL - OWASP Cheat Sheet Series |
| Microservices Security Cheat Sheet | Microservices - OWASP Security Cheat Sheet |

Wikis / Encyclopedias / GitBooks

| Name | Description |
| --- | --- |
| API Security Encyclopedia | APIsecurity.io - API Security Encyclopedia |
| Web API Pentesting | HackTricks - Web API Pentesting |

Checklist

| Name | Description |
| --- | --- |
| API-Security-Checklist | Checklist of the most important security countermeasures when designing, testing, and releasing your API |

Training / Labs

| Name | Description |
| --- | --- |
| Kontra - OWASP Top 10 for API | A series of free interactive application security training modules that teach developers how to identify and mitigate security vulnerabilities in their web API endpoints |
| Pentesting Lab: vAPI | vAPI (Vulnerable Adversely Programmed Interface) is a self-hostable PHP interface that mimics OWASP API Top 10 scenarios as exercises |

Enumeration / Scanning

| Name | Description |
| --- | --- |
| Burp Enumeration | Using Burp to enumerate a REST API |
| ZAP Scanning | Scanning APIs with ZAP |

Fuzzing / SecLists

| Name | Description |
| --- | --- |
| List of API endpoints & objects | A list of 3203 common API endpoints and objects designed for fuzzing |
| List of Swagger endpoints | Swagger endpoints |
| SecLists for API web-content discovery | A collection of web content discovery lists for APIs, used during security assessments |
| GraphQL SecList | A GraphQL wordlist used during security assessments, collected in one place |

Deliberately vulnerable APIs

| Name | Description |
| --- | --- |
| crAPI | completely ridiculous API (crAPI) |
| VAmPI | Vulnerable REST API with OWASP Top 10 vulnerabilities for APIs |
| dvws-node | Damn Vulnerable Web Service is a vulnerable web service/API/application that can be used to learn web service/API vulnerabilities |
| DamnVulnerableMicroServices | A vulnerable microservice written in many languages to demonstrate the OWASP API Top 10 security risks (under development) |
| Damn-Vulnerable-GraphQL-Application | Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL security |

Presentations / Videos

| Name | Description |
| --- | --- |
| API hacking for Inexperienced hacker | API hacking for the Actually Pretty Inexperienced hacker with Katie Paxton-Fear - OWASP DevSlop |
| pentesting-rest-apis | Pentesting REST APIs by Gaurang Bhatnagar |
| Securing your APIs | “How Secure are your APIs?” - Securing your APIs: OWASP API Top 10 2019, Case Study and Demo |
| api-security-testing-for-hackers | API Security Testing For Hackers |
| bad-api-hapi-hackers | Bad API, hAPI Hackers! |
| disclosing-information-via-your-apis | Hidden in Plain Site: Disclosing Information via Your APIs |
| rest-in-peace-abusing-graphql | REST in Peace: Abusing GraphQL to Attack Underlying Infrastructure |

Podcasts

| Podcast | Description |
| --- | --- |
| Podcast: Hacking APIs | The Hacker Mind Podcast: Hacking APIs |

Projects

| Project | Description |
| --- | --- |
| owasp api security project | OWASP API Security Project - API Security Top 10 |

Newsletters

| Newsletter | Description |
| --- | --- |
| api security articles | API Security Articles - The Latest API Security News, Vulnerabilities & Best Practices |

Other useful resources

| Name | Description |
| --- | --- |
| How to design a REST API | How to design a REST API? - Full guide covering security, pagination, filtering, versioning, partial answers, CORS, etc. |
| Awesome REST | A collaborative list of great resources about RESTful API architecture, development, testing, and performance. Feel free to contribute to this ongoing list |
| 31 days of API Security Tips | This challenge is Inon Shkedy's 31 days of API Security Tips |
| API Security Guide | API Security: The Definitive Guide |
| API Penetration Testing | API Penetration Testing with OWASP 2017 Test Cases |
| How to Hack an API and Get Away with It | API Security Testing – How to Hack an API and Get Away with It (Part 1 of 3) |
| GraphQL penetration testing | How to exploit a GraphQL endpoint: introspection, queries, mutations & tools |
| SOAP Security Vulnerabilities and Prevention | SOAP Security: Top Vulnerabilities and How to Prevent Them |
| API and microservice security | A guide from PortSwigger: What is API and microservice security? |

Contributors

arainho
