awesome-api-security
A curated list of tools, frameworks, standards, platforms, research, and learning resources for securing APIs.
https://github.com/brandonhimpfen/awesome-api-security
API Discovery & Inventory
- Akto - Open-source API discovery and security testing platform.
- Postman API Network
- SwaggerHub
- Backstage
API Gateways & Protection
- Kong Gateway
- Apache APISIX - Cloud-native API gateway with security controls.
- Tyk - Open-source API gateway and management platform.
- Apigee
- AWS API Gateway
- Azure API Management
- Envoy Proxy - High-performance service proxy widely used in API architectures.
API Security Monitoring
API Security Platforms
API Security Testing
- OWASP ZAP - Open-source web application and API security testing platform.
- Burp Suite
- Postman
- Insomnia
- Schemathesis - Property-based API testing using OpenAPI schemas.
- 42Crunch API Security Testing - focused security testing and compliance platform.
- Tinfoil - source API security scanning and analysis tool.
- Dredd
API Specifications & Standards
- OWASP API Security Top 10
- OpenAPI Specification
- AsyncAPI - Event-driven APIs.
- JSON Web Token (JWT)
- FAPI - Financial-grade API security standards.
- OAuth Security Best Current Practice
Authentication & Authorization
Communities
- OWASP
- Cloud Native Computing Foundation - Cloud-native infrastructure and API ecosystems.
- OpenSSF
Learning Resources
Related Awesome Lists
- Awesome APIs - quality APIs, SDKs, and developer tools.
- Awesome Cybersecurity
- Awesome AI Security
- Awesome Mobile Security
- Awesome Privacy
- Awesome Threat Intelligence
- Awesome DevOps
- Awesome Cloud
- Awesome Software Architecture
- Awesome Web Development