A collection of awesome API Security tools and resources. The focus is on open-source tools and resources that benefit the whole community.
LICENSE Initial commit 2020-08-14 18:07:58 +01:00
README.md disclosing information via apis 2020-08-19 22:14:21 +01:00

awesome-apisec

A collection of awesome API Security tools and resources.

Awesome Repositories

| Repository | Description |
| --- | --- |
| awesome-security-apis | A collective list of public JSON APIs for use in security |

Tools

| Repository | Description |
| --- | --- |
| Arjun | HTTP parameter discovery suite |
| fuzzapi | Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem |

Cheatsheets

| Website | Description |
| --- | --- |
| owasp-api-security-top-10 | OWASP API Security Top 10 |

Wikis / Encyclopedias

| Repository | Description |
| --- | --- |
| API Security Encyclopedia | APIsecurity.io - API Security Encyclopedia |

Checklist

| Repository | Description |
| --- | --- |
| API-Security-Checklist | Checklist of the most important security countermeasures when designing, testing, and releasing your API |

Presentations / Videos

| Repository | Description |
| --- | --- |
| pentesting-rest-apis | Pentesting Rest API's, by Gaurang Bhatnagar |
| Securing your APIs | “How Secure are you APIs?” - Securing your APIs: OWASP API Top 10 2019, Case Study and Demo |
| api-security-testing-for-hackers | API Security Testing For Hackers |
| bad-api-hapi-hackers | Bad API, hAPI Hackers! |
| disclosing-information-via-your-apis | Hidden in Plain Site: Disclosing Information via Your APIs |
| rest-in-peace-abusing-graphql | REST in Peace: Abusing GraphQL to Attack Underlying Infrastructure |

Other useful repositories

| Repository | Description |
| --- | --- |
| Awesome REST | A collaborative list of great resources about RESTful API architecture, development, test, and performance. Feel free to contribute to this on-going list. |
| How to design a REST API | How to design a REST API? - Full guide tackling security, pagination, filtering, versioning, partial answers, CORS, etc. |
| API Penetration Testing | API Penetration Testing with OWASP 2017 Test Cases |
| api-security-testing-how-to-hack | API Security Testing How to Hack an API and Get Away with It (Part 1 of 3) |