mirror of
https://github.com/arainho/awesome-api-security.git
synced 2024-10-01 01:06:11 -04:00
c85059cd37
Automated security testing for REST API's
4.6 KiB
4.6 KiB
awesome-apisec
A collection of awesome API Security tools and resources.
Awesome Repositories
Repository | Description |
---|---|
awesome-security-apis | A collective list of public JSON APIs for use in security |
Tools
Repository | Description |
---|---|
Arjun | HTTP parameter discovery suite |
fuzzapi | Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem |
kiterunner | Contextual Content Discovery Tool |
MindAPI | Organize your API security assessment by using MindAPI |
Astra | Automated Security Testing For REST API's |
Cheatsheets
Website | Description |
---|---|
owasp-api-security-top-10 | OWASP API Security Top 10 |
Wiki's / Encyclopedias
Website | Description |
---|---|
API Security Encyclopedia | APIsecurity.io - API Security Encyclopedia |
Checklist
Repository | Description |
---|---|
API-Security-Checklist | Checklist of the most important security countermeasures when designing, testing, and releasing your API |
Training / Labs
Website | Description |
---|---|
Kontra - OWASP Top 10 for API | Is a series of free interactive application security training modules that teach developers how to identify and mitigate security vulnerabilities in their web API endpoints. |
Pentesting Lab: vAPI | vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable PHP Interface that mimics OWASP API Top 10 scenarios in the means of Exercises. |
Presentations / Videos
Website | Description |
---|---|
pentesting-rest-apis | Pentesting Rest API's by :- Gaurang Bhatnagar |
Securing your APIs | “How Secure are you APIs?” - Securing your APIs: OWASP API Top 10 2019, Case Study and Demo |
api-security-testing-for-hackers | API Security Testing For Hackers |
bad-api-hapi-hackers | Bad API, hAPI Hackers! |
disclosing-information-via-your-apis | Hidden in Plain Site: Disclosing Information via Your APIs |
rest-in-peace-abusing-graphql | REST in Peace: Abusing GraphQL to Attack Underlying Infrastructure |
Projects
Project | Description |
---|---|
owasp api security project | OWASP API Security Project - API Security Top 10 |
Newsletters
Newsletter | Description |
---|---|
api security articles | API Security Articles - The Latest API Security News, Vulnerabilities & Best Practices |
Other useful repositories
Website | Description |
---|---|
31-days-of-API-Security-Tips | This challenge is Inon Shkedy's 31 days API Security Tips. |
Awesome REST | A collaborative list of great resources about RESTful API architecture, development, test, and performance. Feel free to contribute to this on-going list. |
How to design a REST API | How to design a REST API? - Full guide tackling security, pagination, filtering, versioning, partial answers, CORS, etc. |
API Penetration Testing | API Penetration Testing with OWASP 2017 Test Cases |
api-security-testing-how-to-hack | API Security Testing – How to Hack an API and Get Away with It (Part 1 of 3) |
GraphQL penetration testing | How to exploit GraphQL endpoint: introspection, query, mutations & tools |