Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-apisec
https://github.com/jcabrale/awesome-apisec
- awesome-security-apis
- BatchQL
- clairvoyance
- InQL - A Burp Extension for GraphQL Security Testing.
- GraphQLmap
- graphql-path-enum
- graphql-playground
- APICheck
- APIClarity - time workload traffic seamlessly.
- APIFuzzer
- APIKit
- Arjun
- Astra
- Automatic API Attack Tool
- Firecracker
- ffuf
- fuzzapi - Fuzzerd uses API_Fuzzer gem.
- gotestwaf - source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses
- kiterunner
- RESTler
- Swagger-EZ
- TnT-Fuzzer
- wadl-dumper
- fuzz-lightyear - inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos engineering testing and stateful, Swagger fuzzing.
- Wsdler
- wsdl-wizard
- SoapUI - source cross-platform functional testing solution for APIs and web services.
- David Sopas
- Mufaddal Masalawala
- Harsh Bothra
- API-Security-Checklist
- 31 days of API Security Tips
- API audit checklist
- another API Security checklist
- OAuth2: Security checklist
- REST Security Cheat Sheet - OWASP Cheat Sheet Series
- REST Assessment Cheat Sheet - OWASP Cheat Sheet Series
- OWASP API Security Top 10 - OWASP API Security Top 10
- GraphQL Cheat Sheet - OWASP Cheat Sheet Series
- Microservices Security Cheat Sheet - OWASP Security Cheat Sheet
- JSON Web Token Security Cheat Sheet - JSON Web Token Security Cheat Sheet
- API Security Encyclopedia - API Security Encyclopedia
- Web API Pentesting - Web API Pentesting
- APIs Pentest Book - APIs Pentest Book
- API Security in Action
- Hacking APIs
- Kontra - OWASP Top 10 for API
- Pentesting Lab: vAPI - Hostable PHP Interface that mimics OWASP API Top 10 scenarios in the means of Exercises.
- ShipFast - Practical API Security Walkthrough
- Hacker101 CTFs - GraphQL challenges
- Burp enumeration
- ZAP scanning
- w3af scanning
- Common API endpoints
- List of API endpoints & objects
- List of Swagger endpoints
- SecLists for API's web-content discovery
- Kiterunner Wordlists
- API Routes Wordlists - Automated Wordlists provided by Assetnote
- API Common methods
- GraphQL SecList
- Key-Checker
- Keyhacks
- API Key Leaks: Tools and exploits
- Private key usage verification
- Wallarm Free API Firewall - weight API proxy firewall for request and response validation by OpenAPI specs.
- APISandbox - Built Vulnerable Multiple API Scenarios Environments Based on Docker-Compose.
- crAPI
- Damn-Vulnerable-GraphQL-Application
- DamnVulnerableMicroServices
- dvws-node
- Generic-University
- VAmPI
- Websheep
- pentesting-rest-apis
- Securing your APIs - Securing your APIs: OWASP API Top 10 2019, Case Study and Demo.
- api-security-testing-for-hackers
- bad-api-hapi-hackers
- disclosing-information-via-your-apis
- rest-in-peace-abusing-graphql
- Everything API Hacking - Fear, @InsiderPhD, and other people creating a playlist of API hacking knowledge!
- Hacking APIs
- Hack Your API-Security Testing - Security Testing.
- The OWASP API Security Project
- Episode 38 API Security Best Practices
- owasp api security project - API Security Top 10
- api security articles - The Latest API Security News, Vulnerabilities & Best Practices.
- @apisecurityio
- Know your HTTP Headers!
- Know your HTTP Methods!
- Know your HTTP Status codes!
- HTTP Status Codes
- Know your HTTP * Well - types, methods, relations and status codes, all summarized and linking to their specification.
- The API Specification Toolbox
- Understanding gRPC, OpenAPI and REST
- REST API Design Guide
- How to design a REST API - Full guide tackling security, pagination, filtering, versioning, partial answers, CORS, etc.
- Awesome REST
- Collect API Requirements
- API Audit
- AsyncAPI
- OpenAPI
- JSON API
- GraphQL
- RAML
- API Security Guide
- API Security best practices guide - API Security Best Practices MegaGuide
- API Penetration Testing
- API Pentesting with Swagger Files
- API security articles - API security articles.
- API Security Testing - Principles of API Security Testing and how to perform a Security Test on an API.
- How to Hack an API and Get Away with It
- How to Hack APIs in 2021 - How to Hack APIs in 2021
- How to Hack API in 60 minutes with Open Source Tools
- GraphQL penetration testing
- Fixing the 13 most common GraphQL Vulnerabilities
- Hacking APIs - Notes from Bug Bounty Bootcamp
- SOAP Security Vulnerabilities and Prevention
- API and microservice security
- Strengthening Your API Security Posture
- The Fault in Our Stars
Programming Languages
Keywords
- security: 10
- api: 9
- graphql: 6
- owasp: 5
- api-security: 4
- bugbounty: 4
- penetration-testing: 4
- fuzzer: 4
- security-tools: 4
- openapi: 3
- swagger: 3
- graphql-security: 3
- rest: 2
- fuzz: 2
- pentesting: 2
- python: 2
- burp-extensions: 2
- bugbounty-tool: 2
- rest-security: 2
- json-api: 2
- json: 2
- waf: 2
- web-application-firewall: 2
- web-application-security: 2
- apisec: 1
- api-sec: 1
- python3: 1
- api-fuzzer: 1
- api-fuzzing: 1
- api-testing: 1
- parameter-discovery: 1
- recon: 1
- ci-cd: 1
- penetration-testing-framework: 1
- postman-collection: 1
- restapiautomation: 1
- sdlc: 1
- security-automation: 1
- infosec: 1
- web: 1
- automation: 1
- rails: 1
- ruby: 1
- security-vulnerability: 1
- grpc-security: 1
- on-prem: 1
- open-source: 1
- soapui-oss: 1
- awesome-list: 1
- siem: 1