Awesome-Mirrors/awesome-api-security
1
0
Fork 0
mirror of https://github.com/arainho/awesome-api-security.git synced 2024-10-01 01:06:11 -04:00
Code Issues Packages Projects Releases Wiki Activity
b0eca97d1d
awesome-api-security/README.md
André Rainho b0eca97d1d
add owasp api security project and fix other info
2021-05-09 11:23:01 +01:00

62 lines
4.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# [awesome-apisec](https://github.com/arainho/awesome-apisec)
**A collection of awesome API Security tools and resources.**
## Awesome Repositories
Repository | Description
---- | ----
[awesome-security-apis](https://github.com/jaegeral/security-apis)| A collective list of public JSON APIs for use in security
## Tools
Repository | Description
---- | ----
[Arjun](https://github.com/s0md3v/Arjun) | HTTP parameter discovery suite
[fuzzapi](https://github.com/Fuzzapi/fuzzapi)| Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem
[kiterunner](https://github.com/assetnote/kiterunner)| Contextual Content Discovery Tool
[MindAPI](https://github.com/dsopas/MindAPI)| Organize your API security assessment by using MindAPI
## Cheatsheets
Website | Description
---- | ----
[owasp-api-security-top-10](https://apisecurity.io/encyclopedia/content/owasp-api-security-top-10-cheat-sheet-a4.pdf) | OWASP API Security Top 10
## Wiki's / Encyclopedias
Website | Description
---- | ----
[API Security Encyclopedia](https://apisecurity.io/encyclopedia/content/api-security-encyclopedia.htm) | APIsecurity.io - API Security Encyclopedia
## Checklist
Repository | Description
---- | ----
[API-Security-Checklist](https://github.com/shieldfy/API-Security-Checklist) | Checklist of the most important security countermeasures when designing, testing, and releasing your API
## Training / Labs
Website | Description
---- | ----
[Kontra - OWASP Top 10 for API](https://application.security/free/owasp-top-10-API) | Is a series of free interactive application security training modules that teach developers how to identify and mitigate security vulnerabilities in their web API endpoints.
## Presentations / Videos
Website | Description
---- | ----
[pentesting-rest-apis](https://www.slideshare.net/OWASPdelhi/pentesting-rest-apis-by-gaurang-bhatnagar) | Pentesting Rest API's by :- Gaurang Bhatnagar
[Securing your APIs](https://owasp.org/www-chapter-singapore/assets/presos/Securing_your_APIs_-_OWASP_API_Top_10_2019,_Real-life_Case.pdf) | “How Secure are you APIs?” - Securing your APIs: OWASP API Top 10 2019, Case Study and Demo
[api-security-testing-for-hackers](https://www.bugcrowd.com/resources/webinars/api-security-testing-for-hackers) | API Security Testing For Hackers
[bad-api-hapi-hackers](https://www.bugcrowd.com/resources/webinars/bad-api-hapi-hackers)| Bad API, hAPI Hackers!
[disclosing-information-via-your-apis](https://www.bugcrowd.com/resources/webinars/hidden-in-plain-site-disclosing-information-via-your-apis/) | Hidden in Plain Site: Disclosing Information via Your APIs
[rest-in-peace-abusing-graphql](https://www.bugcrowd.com/resources/webinars/rest-in-peace-abusing-graphql-to-attack-underlying-infrastructure) | REST in Peace: Abusing GraphQL to Attack Underlying Infrastructure
## Projects
[owasp api security project](https://owasp.org/www-project-api-security/) | OWASP API Security Project - API Security Top 10
## Other useful repositories
Website | Description
---- | ----
[31-days-of-API-Security-Tips](https://github.com/smodnix/31-days-of-API-Security-Tips) | This challenge is Inon Shkedy's 31 days API Security Tips.
[Awesome REST](https://github.com/marmelab/awesome-rest) | A collaborative list of great resources about RESTful API architecture, development, test, and performance. Feel free to contribute to this on-going list.
[How to design a REST API ](https://blog.octo.com/en/design-a-rest-api) | How to design a REST API? - Full guide tackling security, pagination, filtering, versioning, partial answers, CORS, etc.
[API Penetration Testing](https://blog.securelayer7.net/api-penetration-testing-with-owasp-2017-test-cases) | API Penetration Testing with OWASP 2017 Test Cases
[api-security-testing-how-to-hack](https://smartbear.com/blog/test-and-monitor/api-security-testing-how-to-hack-an-api-part-1/)| API Security Testing How to Hack an API and Get Away with It (Part 1 of 3)
[GraphQL penetration testing](https://blog.yeswehack.com/yeswerhackers/how-exploit-graphql-endpoint-bug-bounty/) | How to exploit GraphQL endpoint: introspection, query, mutations & tools
Reference in New Issue View Git Blame Copy Permalink