From 6b6e53b8140092682b3f86b22c37cbc4bda4c23f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Rainho?= Date: Tue, 21 Dec 2021 09:58:23 +0000 Subject: [PATCH] add a menu in readme --- README.md | 44 ++++++++++++++++++++++++++++++++++++-------- 1 file changed, 36 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 2403ce4..8013ae5 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,34 @@ # [awesome-apisec](https://github.com/arainho/awesome-apisec) -**A collection of awesome API Security tools and resources.** +

A collection of awesome API Security tools and resources.

+ +

+ Awesome Repositories • + Tools • + Mind maps • + Checklist • + Cheatsheets • + Wiki's, Encyclopedias, GitBook's • + Books • + Training, Walkthrough, Labs • + Enumeration, Scanning • + Fuzzing, SecLists • + API Keys: Find and validate • + Firewalls • + Deliberately vulnerable APIs • + Presentations, Videos • + Playlists • + Podcasts • + Projects • + Newsletters • + Twitter • + HTTP 101 • + Design, Architecture, Development • + Specifications • + Other useful resources • +

+ +--- ## Awesome Repositories | Name | Description | @@ -71,7 +99,7 @@ | [Microservices Security Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Microservices_security.html) | Microservices - OWASP Security Cheat Sheet | | [JSON Web Token Security Cheat Sheet](https://assets.pentesterlab.com/jwt_security_cheatsheet/jwt_security_cheatsheet.pdf) | PentesterLab - JSON Web Token Security Cheat Sheet | -## Wiki's / Encyclopedias / GitBook's +## Wiki's, Encyclopedias, GitBook's | Name | Description | | ---- | ----------- | | [API Security Encyclopedia](https://apisecurity.io/encyclopedia/content/api-security-encyclopedia.htm) | APIsecurity.io - API Security Encyclopedia | @@ -84,7 +112,7 @@ | Neil Madden | [API Security in Action](https://www.manning.com/books/api-security-in-action)| API Security in Action teaches you how to create secure APIs for any situation. | | Corey Ball | [Hacking APIs](https://nostarch.com/hacking-apis)| Breaking Web Application Programming Interfaces | -## Training / Walkthrough / Labs +## Training, Walkthrough, Labs | Name | Description | | ---- | ----------- | | [Kontra - OWASP Top 10 for API](https://application.security/free/owasp-top-10-API) | Is a series of free interactive application security training modules that teach developers how to identify and mitigate security vulnerabilities in their web API endpoints. | 
@@ -92,14 +120,14 @@ | [ShipFast - Practical API Security Walkthrough](https://github.com/approov/shipfast-api-protection) | Learn practical Mobile and API security techniques: API Key, Static and Dynamic HMAC, Dynamic Certificate Pinning, and Mobile App Attestation. | | [Hacker101 CTFs - GraphQL challenges](https://www.hackerone.com/ethical-hacker/graphql-week-hacker101-capture-flag-challenges) | GraphQL Week on The Hacker101 Capture the Flag Challenges | -## Enumeration / Scanning +## Enumeration, Scanning | Name | Description | | ---- | ----------- | | [Burp enumeration](https://portswigger.net/support/using-burp-to-enumerate-a-rest-api) | Using Burp to Enumerate a REST API | | [ZAP scanning](https://www.zaproxy.org/blog/2017-06-19-scanning-apis-with-zap/) | Scanning APIs with ZAP | | [w3af scanning](http://docs.w3af.org/en/latest/scan-rest-apis.html) | Scan REST APIs with w3af | -## Fuzzing / SecLists +## Fuzzing, SecLists | Name | Description | | ---- | ----------- | | [Common API endpoints](https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/common-api-endpoints-mazen160.txt) | Wordlist for common API endpoints. | @@ -111,7 +139,7 @@ | [API Common methods](https://github.com/fuzzdb-project/fuzzdb/tree/master/discovery/common-methods) | API Common methods provided by fuzzdb. | | [GraphQL SecList](https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/graphql.txt) | It's a GraphQL list used during security assessments, collected in one place. | -## API Keys: Find & validate +## API Keys: Find and validate | Name | Description | | ---- | ----------- | | [Key-Checker](https://github.com/daffainfo/Key-Checker)| Go scripts for checking API key / access token validity. | 
@@ -136,7 +164,7 @@ | [VAmPI](https://github.com/erev0s/VAmPI)| Vulnerable REST API with OWASP top 10 vulnerabilities for APIs | | [Websheep](https://github.com/marmicode/websheep) | Websheep is an app based on a willingly vulnerable ReSTful APIs. | -## Presentations / Videos +## Presentations, Videos | Name | Description | | ---- | ----------- | | [pentesting-rest-apis](https://www.slideshare.net/OWASPdelhi/pentesting-rest-apis-by-gaurang-bhatnagar) | Pentesting Rest API's by Gaurang Bhatnagar | @@ -184,7 +212,7 @@ | [HTTP Status Codes](https://httpstatuses.com/) | httpstatuses.com is an easy to reference database of HTTP Status Codes with their definitions and helpful code references all in one place. | |[Know your HTTP * Well](https://github.com/for-GET/know-your-http-well)| HTTP headers, media-types, methods, relations and status codes, all summarized and linking to their specification. | -## Design / Architecture / Development +## Design, Architecture, Development | Name | Description | | ---- | ----------- | | [The API Specification Toolbox](http://api.specificationtoolbox.com) | This Toolbox goal is to try and map out all of the different API specifications in use, as well as the services, tooling, extensions, and other supporting elements. |
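Review bot: the menu added in the first hunk (`@@ -1,6 +1,34 @@`) links to sections such as Tools, Mind maps, Checklist, Cheatsheets, Books, Playlists and Podcasts whose headings are not touched by this patch, so their link targets cannot be checked from the diff; please confirm each menu entry resolves to a real heading anchor (GitHub builds the anchor by lowercasing the heading, dropping punctuation and turning each space into a hyphen, so the `Wiki's, Encyclopedias, GitBook's` entry must point at `#wikis-encyclopedias-gitbooks`). The same hunk also drops the emphasis from the tagline (`**A collection of awesome API Security tools and resources.**` becomes plain text); keep the bold unless that change is intended.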
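Review bot: the renamed heading in the `@@ -71,7 +99,7 @@` hunk keeps apostrophes for plurals (`Wiki's`, `GitBook's`); since the line is being rewritten anyway, `## Wikis, Encyclopedias, GitBooks` is the correct spelling, and because GitHub strips the apostrophes when it generates anchors the slug `#wikis-encyclopedias-gitbooks` stays the same, so the menu entry in the first hunk only needs the matching wording change.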
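Review bot: replacing `/` and `&` with commas in the `@@ -111,7 +139,7 @@` hunk (and likewise in the `@@ -84`, `@@ -92`, `@@ -136` and `@@ -184` hunks) changes the GitHub-generated anchors: `## API Keys: Find & validate` was reachable as `#api-keys-find--validate` (the removed `&` left a double hyphen) and becomes `#api-keys-find-and-validate`, and `## Enumeration / Scanning` moves from `#enumeration--scanning` to `#enumeration-scanning`. Existing bookmarks and external deep links to the old anchors will break, and the commit message `add a menu in readme` does not say so even though 7 of the 8 deletions in the diff stat are heading renames; please mention the renames and the anchor change in the commit message.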