🔖 Awesome API security testing tools and resources for API Bug-Hunters.
The awesome-api-security (aka awesome-apisec) repository is a collection of awesome API Security tools and resources.
The focus goes to open-source tools and resources that benefit all the community.
• API Keys: Find and validate;
• Books;
• Cheatsheets;
• Checklist;
• Conferences;
• Deliberately vulnerable APIs;
• Design, Architecture, Development;
• Encyclopedias, Projects, Wikis and GitBooks;
• Enumeration, Scanning and exploration steps;
• Firewalls;
• Fuzzing, SecLists, Wordlists;
• HTTP 101;
• Mind maps;
• Newsletters;
• Other resources;
• Playlists;
• Podcasts;
• Presentations, Videos;
• Projects;
• Security APIs;
• Specifications;
• Tools;
• Training, Workshops, Labs;
• Twitter;
• Contributions.
#security #red_team #cybersecurity
A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community. - arainho/awesome-api-security
• KeyHacks shows how particular API keys found on a Bug Bounty Program can be checked to see if they are valid.
• https://github.com/streaak/keyhacks
#api #hack
S.E.Book
OWASP Top 10 API 2023.pdf
• API1:2023 - Broken Object Level Authorization;
• API2:2023 - Broken Authentication;
• API3:2023 - Broken Object Property Level Authorization;
• API4:2023 - Unrestricted Resource Consumption;
• API5:2023 - Broken Function Level Authorization;
• API6:2023 - Unrestricted Access to Sensitive Business Flows;
• API7:2023 - Server Side Request Forgery;
• API8:2023 - Security Misconfiguration;
• API9:2023 - Improper Inventory Management;
• API10:2023 - Unsafe Consumption of APIs.
#DevSecOps #Security #API
• The link below leads to a free collection of exercises that teach you to attack and defend applications that use GraphQL.
• The academy provides detailed lessons that cover various vulnerabilities and best practices for securing applications.
List of available lessons:
- Prevent Mutation Brute-Force Attacks;
- Implement Object-Level Authorization;
- Disable Debug Mode for Production;
- Combat SQL Injections;
- Limit Query Complexity;
- Implement Field-Level Authorization;
- Configure HTTP Headers for User Protection;
- Validate JSON Inputs;
- Implement Resolver-Level Authorization.
More lessons will be published in the future:
- Mitigate Server Side Request Forgery;
- Implement Rate-Limiting for Bot Deterrence;
- Abort Expensive Queries for Protection;
- Configure a Secure API Gateway;
- Limit Query Batching to Safeguard Resources;
- Implement List Pagination;
- Secure Third-Party API Interactions.
#API #GraphQL
• A large collection of material for learning PowerShell: books, courses, articles, tips, commands, and so on:
- API Wrapper;
- Blogs;
- Books;
- Build Tools;
- Code and Package Repositories;
- Commandline Productivity;
- Communities;
- Data;
- Documentation Helper;
- Editors and IDEs;
- Frameworks;
- Interactive Learning;
- Logging;
- Module Development Templates;
- Package Managers;
- Parallel Processing;
- Podcasts;
- Security;
- SharePoint;
- SQL Server;
- Testing;
- Themes;
- UI;
- Videos;
- Webserver;
- Misc.
#PowerShell