api-security

Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

This challenge is Inon Shkedy's 31 days API Security Tips.

APIKit：Discovery, Scan and Audit APIs Toolkit All In One.

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

Metlo is an open-source API security platform.

Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.

open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.

An industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF.

A Huge Learning Resources with Labs For Offensive Security Players

Organize your API security assessment by using MindAPI. It's free and open for community collaboration.

🔥 A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingres Controller (based on NGINX)

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.

Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.

Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

An API security tool to capture and analyze API traffic, test API endpoints, reconstruct Open API specification, and identify API security risks. 

Ultra lightweight, dependency free and standalone JSON web token (JWT) library for PHP5.6 to PHP8.4+. This library makes JWT a cheese. It is a minimal JWT integration for PHP.

API Pentesting Tools are specialized security tools used to test and analyze the security of Application Programming Interfaces (APIs).