A collection of awesome API Security tools and resources.

| Name | Description |
| --- | --- |
| Arjun | HTTP parameter discovery suite |
| fuzzapi | Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem |
| kiterunner | Contextual Content Discovery Tool |
| MindAPI | Organize your API security assessment by using MindAPI |
| Astra | Automated Security Testing For REST APIs |
| Automatic API Attack Tool | Imperva's customizable API attack tool takes an API specification as an input, generates and runs attacks that are based on it as an output. |

Wikis / Encyclopedias / GitBooks

| Name | Description |
| --- | --- |
| API-Security-Checklist | Checklist of the most important security countermeasures when designing, testing, and releasing your API |

| Name | Description |
| --- | --- |
| Kontra - OWASP Top 10 for API | A series of free interactive application security training modules that teach developers how to identify and mitigate security vulnerabilities in their web API endpoints. |
| Pentesting Lab: vAPI | vAPI (Vulnerable Adversely Programmed Interface) is a self-hostable PHP interface that mimics OWASP API Top 10 scenarios through exercises. |

Deliberately vulnerable APIs

| Name | Description |
| --- | --- |
| crAPI | completely ridiculous API (crAPI) |
| VAmPI | Vulnerable REST API with OWASP top 10 vulnerabilities for APIs |
| dvws-node | Damn Vulnerable Web Service is a vulnerable web service/API/application that can be used to learn webservices/API vulnerabilities. |
| DamnVulnerableMicroServices | A vulnerable microservice written in many languages to demonstrate the OWASP API Top Security Risks (under development) |
| Damn-Vulnerable-GraphQL-Application | Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security. |

| Newsletter | Description |
| --- | --- |
| api security articles | API Security Articles - The Latest API Security News, Vulnerabilities & Best Practices |

| Name | Description |
| --- | --- |
| How to design a REST API | How to design a REST API? - Full guide tackling security, pagination, filtering, versioning, partial answers, CORS, etc. |
| Awesome REST | A collaborative list of great resources about RESTful API architecture, development, test, and performance. Feel free to contribute to this on-going list. |
| 31 days of API Security Tips | This challenge is Inon Shkedy's 31 days API Security Tips. |
| API Security Guide | API Security: The Definitive Guide |
| API Penetration Testing | API Penetration Testing with OWASP 2017 Test Cases |
| How to Hack an API and Get Away with It | API Security Testing – How to Hack an API and Get Away with It (Part 1 of 3) |
| GraphQL penetration testing | How to exploit GraphQL endpoint: introspection, query, mutations & tools |
| SOAP Security Vulnerabilities and Prevention | SOAP Security: Top Vulnerabilities and How to Prevent Them |
| API and microservice security | A guide from PortSwigger: What is API and microservice security? |