Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

awesome-apisec

https://github.com/jcabrale/awesome-apisec

Last synced: about 23 hours ago
JSON representation

Awesome Repositories
- awesome-security-apis
Tools
- BatchQL
- clairvoyance
- InQL - A Burp Extension for GraphQL Security Testing. |
- GraphQLmap
- graphql-path-enum
- graphql-playground
- APICheck
- APIFuzzer
- APIKit
- Arjun
- Astra
- Automatic API Attack Tool
- ffuf
- fuzzapi - Fuzzerd uses API_Fuzzer gem. |
- gotestwaf - source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses |
- kiterunner
- RESTler
- Swagger-EZ
- TnT-Fuzzer
- wadl-dumper
- fuzz-lightyear - inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos engineering testing and stateful, Swagger fuzzing. |
- Wsdler
- wsdl-wizard
- SoapUI - source cross-platform functional testing solution for APIs and web services. |
- Firecracker
- Firecracker
- APIClarity - time workload traffic seamlessly. |
Wiki's, Encyclopedias, GitBook's
- Web API Pentesting - Web API Pentesting |
- APIs Pentest Book - APIs Pentest Book |
Other useful resources
- How to Hack an API and Get Away with It
- API Security Guide
- API Security best practices guide - API Security Best Practices MegaGuide |
- API Pentesting with Swagger Files
- API security articles - API security articles. |
- How to Hack API in 60 minutes with Open Source Tools
- Fixing the 13 most common GraphQL Vulnerabilities
- Hacking APIs - Notes from Bug Bounty Bootcamp
- API and microservice security
- The Fault in Our Stars
- API Security Guide
- GraphQL penetration testing
Checklist
- API-Security-Checklist
- API audit checklist
- another API Security checklist
- OAuth2: Security checklist
- 31 days of API Security Tips
Training, Walkthrough, Labs
- Pentesting Lab: vAPI - Hostable PHP Interface that mimics OWASP API Top 10 scenarios in the means of Exercises. |
- ShipFast - Practical API Security Walkthrough
- Kontra - OWASP Top 10 for API
- Hacker101 CTFs - GraphQL challenges
API Keys: Find and validate
- Key-Checker
- Keyhacks
- Private key usage verification
- API Key Leaks: Tools and exploits
Firewalls
- Wallarm Free API Firewall - weight API proxy firewall for request and response validation by OpenAPI specs. |
Deliberately vulnerable APIs
- APISandbox - Built Vulnerable Multiple API Scenarios Environments Based on Docker-Compose. |
- crAPI
- Damn-Vulnerable-GraphQL-Application
- DamnVulnerableMicroServices
- dvws-node
- Generic-University
- VAmPI
- Websheep
HTTP 101
- Know your HTTP * Well - types, methods, relations and status codes, all summarized and linking to their specification. |
- Know your HTTP Headers!
- Know your HTTP Methods!
- Know your HTTP Status codes!
Specifications
- RAML
- AscyncAPI
- OpenAPI
- JSON API
- GraphQL
Mind maps
- David Sopas
- Mufaddal Masalawala
- Harsh Bothra
Cheatsheets
- REST Security Cheat Sheet - OWASP Cheat Sheet Series |
- REST Assessment Cheat Sheet - OWASP Cheat Sheet Series |
- OWASP API Security Top 10 - OWASP API Security Top 10 |
- GraphQL Cheat Sheet - OWASP Cheat Sheet Series |
- Microservices Security Cheat Sheet - OWASP Security Cheat Sheet |
- JSON Web Token Security Cheat Sheet - JSON Web Token Security Cheat Sheet |
Books
- API Security in Action
- Hacking APIs
Enumeration, Scanning
- Burp enumeration
- ZAP scanning
- w3af scanning
Fuzzing, SecLists
- Common API endpoints
- List of API endpoints & objects
- List of Swagger endpoints
- SecLists for API's web-content discovery
- Kiterunner Wordlists
- API Routes Wordlists - Automated Wordlists provided by Assetnote |
- API Common methods
- GraphQL SecList
Presentations, Videos
- pentesting-rest-apis
- Securing your APIs - Securing your APIs: OWASP API Top 10 2019, Case Study and Demo. |
Podcasts
- Hack Your API-Security Testing - Security Testing. |
- Episode 38 API Security Best Practices
Projects
- owasp api security project - API Security Top 10 |
Newsletters
- api security articles - The Latest API Security News, Vulnerabilities & Best Practices. |
Twitter
- @apisecurityio
Design, Architecture, Development
- Understanding gRPC, OpenAPI and REST
- REST API Design Guide
- How to design a REST API - Full guide tackling security, pagination, filtering, versioning, partial answers, CORS, etc.
- Awesome REST
- Collect API Requirements
- API Audit

Programming Languages

Python 13 Go 8 Java 5 JavaScript 4 TypeScript 2 Emacs Lisp 1 PHP 1 FreeMarker 1 Kotlin 1 HTML 1

Ecosyste.ms: Awesome

awesome-apisec

Awesome Repositories

Tools

Wiki's, Encyclopedias, GitBook's

Other useful resources

Checklist

Training, Walkthrough, Labs

API Keys: Find and validate

Firewalls

Deliberately vulnerable APIs

HTTP 101

Specifications

Mind maps

Cheatsheets

Books

Enumeration, Scanning

Fuzzing, SecLists

Presentations, Videos

Podcasts

Projects

Newsletters

Twitter

Design, Architecture, Development