Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-api-security-essentials
Awesome API Security: A Curated Collection of Resources for Bulletproof API Protection!
https://github.com/JBAhire/awesome-api-security-essentials
Last synced: 4 days ago
JSON representation
-
π Vulnerable APIs
- GitHub
- GitHub - site Scripting (XSS), Cross-site Request Forgery (CSRF), Insecure Direct Object Reference (IDOR) | [erev0s](https://github.com/erev0s) | Yes |
- GitHub
- GitHub - site Scripting (XSS), Cross-site Request Forgery (CSRF), Insecure Direct Object Reference (IDOR) | Appsecco | Yes |
- GitHub
- GitHub - site Scripting (XSS), Cross-site Request Forgery (CSRF), Insecure Direct Object Reference (IDOR) | OWASP | Yes |
- GitHub
- GitHub - site Scripting (XSS), Cross-site Request Forgery (CSRF), Insecure Direct Object Reference (IDOR) | Webpwnized | Yes |
- GitHub
- GitHub - commerce web app | SQL Injection, Broken Authentication, Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF), Insecure Direct Object Reference (IDOR) | Rapid7 | Yes |
- SourceForge - commerce web app for security training | SQL Injection, Broken Authentication, Sensitive Data Exposure, Insecure Deserialization, Broken Access Control, Security Misconfiguration | [Badstore.net](http://Badstore.net) | Yes |
- GitHub - site Scripting (XSS), Cross-site Request Forgery (CSRF), Insecure Direct Object Reference (IDOR) | OWASP | Yes |
- GitHub - site Scripting (XSS), Cross-site Request Forgery (CSRF), Insecure Direct Object Reference (IDOR) | Hackademic | Yes |
- IBM
- Google - site Scripting (XSS), Cross-site Request Forgery (CSRF), Insecure Direct Object Reference (IDOR) | Google | Yes |
-
β Projects
- API Security Checklist
- RESTler - source, stateful REST API fuzzer for automatically testing API security. |
- GraphQL Shield - grained access control. |
- OWASP API Security Project - source project that aims to provide guidance and resources for API security. |
- ZAP API Scan - on that automates API security scanning. |
-
π» Breaches
- Bloomberg
- Experianβs Credit Freeze Security is Still a Joke
- Twitter Blog
- Bloomberg
- ZDNet
- Nintendo
- Capital One
- DoorDash Blog
- ZDNet
- The Hacker News
- Google Blog
- ABC News
- KrebsOnSecurity
- The Guardian
- ICO
- Uber Newsroom
- Ars Technica
- Gizmodo
- Twitter Blog
- Bloomberg
- Marriott
- The Information
- T-Mobile
- KrebsOnSecurity
- Wired
- Wired
- SolarWinds
- ABC News
- Microsoft says it thwarted recent cyberattack from group it calls βLapsus$β
- Bloomberg
- Bloomberg
- Bloomberg
- Bloomberg
- Bloomberg
- The Parler Hack Is a Reminder: The End-to-End Encryption Debate Isnβt Going Away
- Pelotonβs leaky API let anyone grab ridersβ private account data
- John Deere security flaw lets anyone download sensitive files from its site
- Bloomberg
- ZDNet
- BBC
- Bleeping Computer
- KrebsOnSecurity
- The Economic Times
- Facebook Newsroom
- Bloomberg
- Bloomberg
- Twitter Blog
- T-Mobile
- Bloomberg
- Bloomberg
-
π₯ Playlists
-
π³ OWASP API Top 10 2023
- API1:2023 - Broken Object Level Authorization
- API2:2023 - Broken Authentication
- API3:2023 - Broken Object Property Level Authorization
- API4:2023 - Unrestricted Resource Consumption
- API5:2023 - Broken Function Level Authorization
- API6:2023 - Unrestricted Access to Sensitive Business Flows
- API7:2023 - Server Side Request Forgery
- API8:2023 - Security Misconfiguration
- API9:2023 - Improper Inventory Management
- API10:2023 - Unsafe Consumption of APIs - party APIs and not trust them blindly. Attackers could exploit these third-party services to compromise your API. |
-
π Books
- Hacking APIs - test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure. |
- API Security in Action
- GraphQL in Action - world case studies and examples, readers will gain a thorough understanding of how to use GraphQL in their projects while ensuring robust security measures are in place. |
- Hacking APIs - test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure. |
- Practical API Architecture and Development with Azure and AWS - on approach to API architecture and development using Azure and AWS platforms. It covers topics such as API design, development, deployment, and management, with a focus on integrating cloud-based services. Readers will learn how to leverage the capabilities of these platforms to create efficient, secure, and scalable APIs. |
- Advanced API Security: OAuth 2.0 and Beyon - depth exploration of API security, with a focus on OAuth 2.0 and OpenID Connect protocols. It offers a detailed understanding of these protocols and their implementation, helping readers master the intricacies of API security. By the end of this book, readers will be well-versed in using OAuth |
- RESTful API Design: Best Practices in API Design with REST - performing RESTful APIs, this book provides guidance on versioning, pagination, and error handling. It also presents industry-proven patterns and anti-patterns to help readers avoid common pitfalls. With practical examples, readers will be able to apply these principles to their own API design projects. |
- OAuth 2.0: Getting Started in API Security - by-step guidance on implementing OAuth 2.0 and shares tips for maintaining security and performance. With this book, readers can confidently apply OAuth 2.0 to protect their APIs. |
- API Management: An Architect's Guide to Developing and Managing APIs for Your Organization
-
π Cheatsheets
-
π€ API Security Learning Path
- RESTful API Design
- Why is API Security Important?
- API Security: Challenges and Solutions
- Introduction to OAuth 2.0
- API Security Best Practices
- Rate Limiting in APIs
- Throttling in APIs
- Tutorial: Implement OAuth 2.0 and JWT
- API Security Testing
- Top 10 API Security Testing Tools
- Tutorial: Build a Secure RESTful API
- Input Validation for APIs
- Input Sanitization for APIs
- Transport Security in APIs
- Using HTTPS for API Security
-
π Specifications
- OpenAPI Specification (OAS)
- JSON Web Tokens (JWT) - safe means of representing claims to be transferred between parties. |
- RAML (RESTful API Modeling Language) - readable format. |
- WS-Security - based web services. |
- OAuth 2.0 - adopted authorization framework for securing API access. |
- GraphQL
- JSON:API
- API Blueprint - level API design language for describing and designing APIs. |
-
π Podcast
- The New Stack Podcast
- Darknet Diaries
- Risky Business
- Smashing Security
- The Privacy, Security, & OSINT Show - source intelligence topics, occasionally featuring API security discussions. |
- The CyberWire Daily Podcast
- Security Now
-
π Wikis & Collections
-
π Newseltters
-
π Join Our Community
-
π£ Stay Informed
- Twitter - security-community/).
-
β Checklists
- OWASP API Security Top 10 Checklist
- API Penetration Testing Checklist
- RESTful API Security Checklist
- API Security Audit Checklist
- OAuth 2.0 Security Checklist
- JSON Web Token (JWT) Security Checklist
- GraphQL Security Checklist
- API Documentation Security Checklist
- API Security Self-Assessment Checklist - assessment checklist for evaluating your organization's API security. |
-
πΊ Mind Maps
Programming Languages
Categories
π» Breaches
50
π₯ Playlists
18
π€ API Security Learning Path
15
π Vulnerable APIs
15
π³ OWASP API Top 10 2023
10
π Cheatsheets
9
β
Checklists
9
π Books
9
π Specifications
8
π Wikis & Collections
8
π Podcast
7
πΊ Mind Maps
5
β Projects
5
π Newseltters
4
π£ Stay Informed
1
π Join Our Community
1
Sub Categories
Keywords
security
5
owasp
5
owasp-top-10
4
appsec
4
api
4
owasp-top-ten
3
vulnerable
2
javascript
2
nodejs
2
docker
2
vulnerabilities
2
vulnerable-apps
1
testing
1
24pullrequests
1
hack
1
dvna
1
vulnerable-application
1
postman
1
php
1
hacktoberfest-accepted
1
exercises
1
cors
1
bugbounty
1
appsec-tutorials
1
apitop10
1
vulnerable-web-app
1
security-tools
1
api-rest
1
shield
1
server
1
permissions
1
graphql-yoga
1
graphql
1
apollo
1
oauth2
1
jwt
1
owasp-zap
1
nodegoat
1
heroku
1
web
1
training
1
top
1
penetration-testing
1
cybersecurity
1
application
1
10
1
ruby-on-rails
1
ruby
1
rails
1
owasp-top
1