Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-apisec
https://github.com/jcabrale/awesome-apisec
Last synced: about 21 hours ago
JSON representation
-
Awesome Repositories
-
Tools
- BatchQL
- clairvoyance
- InQL - A Burp Extension for GraphQL Security Testing. |
- GraphQLmap
- graphql-path-enum
- graphql-playground
- APICheck
- APIFuzzer
- APIKit
- Arjun
- Astra
- Automatic API Attack Tool
- ffuf
- fuzzapi - Fuzzerd uses API_Fuzzer gem. |
- gotestwaf - source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses |
- kiterunner
- RESTler
- Swagger-EZ
- TnT-Fuzzer
- wadl-dumper
- fuzz-lightyear - inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos engineering testing and stateful, Swagger fuzzing. |
- Wsdler
- wsdl-wizard
- SoapUI - source cross-platform functional testing solution for APIs and web services. |
- Firecracker
- Firecracker
- APIClarity - time workload traffic seamlessly. |
-
Wiki's, Encyclopedias, GitBook's
- Web API Pentesting - Web API Pentesting |
- APIs Pentest Book - APIs Pentest Book |
-
Other useful resources
- How to Hack an API and Get Away with It
- API Security Guide
- API Security best practices guide - API Security Best Practices MegaGuide |
- API Pentesting with Swagger Files
- API security articles - API security articles. |
- How to Hack API in 60 minutes with Open Source Tools
- Fixing the 13 most common GraphQL Vulnerabilities
- Hacking APIs - Notes from Bug Bounty Bootcamp
- API and microservice security
- The Fault in Our Stars
- API Security Guide
- GraphQL penetration testing
-
Checklist
-
Training, Walkthrough, Labs
- Pentesting Lab: vAPI - Hostable PHP Interface that mimics OWASP API Top 10 scenarios in the means of Exercises. |
- ShipFast - Practical API Security Walkthrough
- Kontra - OWASP Top 10 for API
- Hacker101 CTFs - GraphQL challenges
-
API Keys: Find and validate
-
Firewalls
- Wallarm Free API Firewall - weight API proxy firewall for request and response validation by OpenAPI specs. |
-
Deliberately vulnerable APIs
- APISandbox - Built Vulnerable Multiple API Scenarios Environments Based on Docker-Compose. |
- crAPI
- Damn-Vulnerable-GraphQL-Application
- DamnVulnerableMicroServices
- dvws-node
- Generic-University
- VAmPI
- Websheep
-
HTTP 101
- Know your HTTP * Well - types, methods, relations and status codes, all summarized and linking to their specification. |
- Know your HTTP Headers!
- Know your HTTP Methods!
- Know your HTTP Status codes!
-
Specifications
-
Mind maps
-
Cheatsheets
- REST Security Cheat Sheet - OWASP Cheat Sheet Series |
- REST Assessment Cheat Sheet - OWASP Cheat Sheet Series |
- OWASP API Security Top 10 - OWASP API Security Top 10 |
- GraphQL Cheat Sheet - OWASP Cheat Sheet Series |
- Microservices Security Cheat Sheet - OWASP Security Cheat Sheet |
- JSON Web Token Security Cheat Sheet - JSON Web Token Security Cheat Sheet |
-
Books
-
Enumeration, Scanning
-
Fuzzing, SecLists
- Common API endpoints
- List of API endpoints & objects
- List of Swagger endpoints
- SecLists for API's web-content discovery
- Kiterunner Wordlists
- API Routes Wordlists - Automated Wordlists provided by Assetnote |
- API Common methods
- GraphQL SecList
-
Presentations, Videos
- pentesting-rest-apis
- Securing your APIs - Securing your APIs: OWASP API Top 10 2019, Case Study and Demo. |
-
Podcasts
- Hack Your API-Security Testing - Security Testing. |
- Episode 38 API Security Best Practices
-
Projects
- owasp api security project - API Security Top 10 |
-
Newsletters
- api security articles - The Latest API Security News, Vulnerabilities & Best Practices. |
-
Twitter
-
Design, Architecture, Development
- Understanding gRPC, OpenAPI and REST
- REST API Design Guide
- How to design a REST API - Full guide tackling security, pagination, filtering, versioning, partial answers, CORS, etc.
- Awesome REST
- Collect API Requirements
- API Audit
Programming Languages
Categories
Tools
27
Other useful resources
12
Deliberately vulnerable APIs
8
Fuzzing, SecLists
8
Design, Architecture, Development
6
Cheatsheets
6
Specifications
5
Checklist
5
Training, Walkthrough, Labs
4
HTTP 101
4
API Keys: Find and validate
4
Enumeration, Scanning
3
Mind maps
3
Wiki's, Encyclopedias, GitBook's
2
Books
2
Podcasts
2
Presentations, Videos
2
Newsletters
1
Awesome Repositories
1
Firewalls
1
Projects
1
Twitter
1
Sub Categories
Keywords
security
10
api
9
graphql
6
owasp
5
api-security
5
security-tools
4
openapi
4
bugbounty
4
swagger
4
penetration-testing
4
fuzzer
4
graphql-security
3
pentesting
2
rest-security
2
fuzz
2
rest
2
waf
2
python
2
web-application-firewall
2
web-application-security
2
openapi-specification
2
burp-extensions
2
bugbounty-tool
2
openapi-spec
2
json-api
2
json
2
restapiautomation
1
sdlc
1
postman-collection
1
penetration-testing-framework
1
ci-cd
1
recon
1
parameter-discovery
1
api-testing
1
api-fuzzing
1
security-automation
1
infosec
1
web
1
automation
1
rails
1
ruby
1
security-vulnerability
1
grpc-security
1
security-testing
1
fuzzing
1
bugbountytips
1
go
1
golang
1
wadl
1
xml
1