api-security

There are 15 repositories under api-security topic.

• jassics / security-study-plan

  Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...

  api-securityapplication-securityappsecappsec-tutorialsaws-securityazure-securitycybersecuritycybersecurity-educationdevsecops-universitygcp-securityinfosecpentestingsecurity-testingstudy-guidestudy-planstudy-planner
  4746

• arainho / awesome-api-security

  A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

  api-securityapi-secawesome-listapi-hackingapi-pentestapisecsecuritypentestfuzzingapi-hacksapi-huntinginfosecapi-hardening
  3548

• inonshk / 31-days-of-API-Security-Tips

  This challenge is Inon Shkedy's 31 days API Security Tips.

  pentestapi-pentestbug-bountyapi-securitysecuritybugbountytipsbugbountyinfosec
  2217

• API-Security / APIKit

  APIKit：Discovery, Scan and Audit APIs Toolkit All In One.

  burp-extensionsapisecapi-securityapi-sec
  Language:Java 2199
• HolyTips

  HolyBugx / HolyTips

  A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

  apiapi-securitybugbountybugbounty-writeupsbugbountytipschecklistpentestpentestingsecuritywebwebappwebsecuritywriteups
  1929

• metlo-labs / metlo

  Metlo is an open-source API security platform.

  securityapi-gatewayapi-securityapplication-securitycybersecuritymonitoringvulnerabilitiesvulnerability-detectionmetloinfosecapi-pentestawsbugbountybugbounty-toolsinfosectoolspentest
  Language:TypeScript 1735

• wallarm / gotestwaf

  An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

  api-securitybugbountygraphql-securitygrpc-securityowasprest-securitysecuritysecurity-testingsecurity-toolswafweb-application-firewallweb-application-security
  Language:Go 1728
• uusec-waf

  Safe3 / uusec-waf

  Industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF.

  wafapplication-securityweb-application-firewallmodsecurityweb-security-gatewayapi-gatewayapi-securitywaapsecurityddosowasphipsraspdata-maskxsssql-injectionuusecuusec-wafuuwafletsencrypt
  Language:Lua 1486

• openappsec / openappsec

  open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.

  api-securityapplication-securitykubernetesnginxweb-application-firewallappsecdevsecopskongrate-limitingsecurity-toolsthreat-preventionwafowaspowasp-top-tennginx-proxy-manager
  Language:C++ 1415

• akto-api-security / akto

  Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure

  api-securityapi-discoveryapi-security-testingapi-testingauthenticationauthorizationdevsecopsidorowasp-top-10securitysecurity-testingsensitive-data-exposurethreat-detectionhacktoberfesthacktoberfest2023devsecops-pipelineapi-security-posture
  Language:Java 1396
• cherrybomb

  blst-security / cherrybomb

  Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.

  blstfirecrackerclicybercybersecuritybusiness-logicsecurity-toolssecurityapiapi-securitybest-practiceshttpopenapiopenapi3open-sourcewebsecurityweb-securityweb-sec-scanner
  Language:Rust 1222

• Zeyad-Azima / Offensive-Resources

  A Huge Learning Resources with Labs For Offensive Security Players

  apiapi-securitycloud-securitycybersecurityhackhackinginfrastructurelearningmobilemobile-securityoffensiveoffensive-securityowaspowasp-top-10red-teamred-teamingredteamsecuritywebweb-security
  1003
• MindAPI

  dsopas / MindAPI

  Organize your API security assessment by using MindAPI. It's free and open for community collaboration.

  hackingmethodologymindmapmindapiapi-security
  853

• wallarm / awesome-nginx-security

  🔥 A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingres Controller (based on NGINX)

  nginxmodsecuritywafnaxsiawesome-listawesome-listssecuritywebserverload-balancernginx-securitynginx-servermod-securitynginx-environmentnginx-configurationkubernetesapplication-securityapi-securityapigateway
  773

• Mehdi0x90 / Web_Hacking

  Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

  api-pentestbugbountyhackingpayloadspenetration-testingreconweb-application-securitywebhackingwebsecuritybypasscheatsheetpentestsecurityvulnerabilityexploitapi-securitybug-bounty-huntersowaspenumerationredteam
  694

• OWASP / OFFAT

  The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.

  api-hackingapi-restapi-securityapi-security-testingowaspoffat
  Language:Python 653
• api-firewall

  wallarm / api-firewall

  Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.

  apiapi-firewallapi-gatewayapi-securityapi-wafapi-wrapperapigatewayfirewallopenapiopenapi-securityopenapi-specopenapi-specificationproxyrest-securitysecuritysecurity-toolsswaggerwafweb-application-firewallweb-application-security
  Language:Go 640
• apiclarity

  openclarity / apiclarity

  An API security tool to capture and analyze API traffic, test API endpoints, reconstruct Open API specification, and identify API security risks. 

  api-securityenvoyistiok8skubernetesmicroservicemicroservicesopenapiopenapi-specopenapi-specificationservice-meshshadow-apiswaggerwasmzombie-api
  Language:Go 552

• adhocore / php-jwt

  Ultra lightweight, dependency free and standalone JSON web token (JWT) library for PHP5.6 to PHP8.4+. This library makes JWT a cheese. It is a minimal JWT integration for PHP.

  php7php-jwtjson-web-tokenapi-authjwtjwt-authjwt-authenticationapi-securityoauth2json-web-token-phpjson-web-signatureadhocorephp8php
  Language:PHP 299

• mytechnotalent / Go-Hacking

  A FREE comprehensive online Go hacking tutorial utilizing the x64, ARM64 and ARM32 architectures going step-by-step into the world of reverse engineering Golang from scratch.

  apiapi-securityapi-servicesarmarm32arm64cybercybersecuritydistributedgogolanghackhackingidaida-prointelreverse-engineeringsystemsystemswindows
  Language:Go 230

• yogsec / API-Pentesting-Tools

  API Pentesting Tools are specialized security tools used to test and analyze the security of Application Programming Interfaces (APIs).

  apiapi-securityapi-security-testingapi-toolsapi-bug-bountyapi-pentesting-toolapi-pentesting-toolsapi-security-toolsapi-testing-toolsapi-hackingapi-seccybersecuritycybersecurity-educationosintapi-cybersecurityapi-kali-linuxethical-hacking-toolspythontools
  225

• cerberauth / vulnapi

  API Security Vulnerability Scanner designed to help you secure your APIs.

  jwtvulnerability-scannerscybersecuritydastgraphqlopenapisecurity-scannersecurity-toolsapi-securityapi-testingauthenticationauthorizationowasp-top-10api-security-testingsecurity
  Language:Go 217

• TPIsoftwareOSPO / digiRunner-Open-Source

  digiRunner: Your API Gateway for Microservices

  apiapimgatewayapi-managementapi-gatewayapi-monitoringapi-proxyapi-securitycloud-nativehierarchical-structurelightweightmicroservicesopen-sourceperformancedockerkubernetesreverse-proxyapi-keyapi-key-authenticationapi-key-management
  Language:Java 197

• CyberAlbSecOP / Awesome_CyberSec_Bible

  Cyber-Security Bible! Theory and Tools, Kali Linux, Penetration Testing, Bug Bounty, CTFs, Malware Analysis, Cryptography, Secure Programming, Web App Security, Cloud Security, Devsecops, Ethical Hacking, Social Engineering, Privacy, Incident Response, Threat Assestment, Personal Security, Ai Security, Android Security, Iot Security, Standards.

  ai-securityapi-securitybug-bountycloud-securitycyber-securitycybersecuritydevsecopsethical-hackinghackingincident-responsemalware-analysisos-securitypenetration-testingpentestingprivacysecuritysocial-engineeringthreat-intelligenceweb-application-security
  136

• piomin / sample-spring-oauth2-microservices

  some examples that show basic and more advanced implementations of oauth2 authorization mechanism in spring-cloud microservices environment

  oauthmicroservices-securityoauth2jwtspring-securityspring-security-oauth2spring-bootspring-cloudzuulapi-securityauthorization
  Language:Java 134

• abunuwas / fencer

  Automated API security testing

  apiapi-securityapi-security-testingjwtsecuritysql-injectionopenapiowasp-top-10testinggraphqloauth2rest-api
  Language:Python 88

• approov / shipfast-api-protection

  Learn practical Mobile and API security techniques: API Key, Static and Dynamic HMAC, Dynamic Certificate Pinning, and Mobile App Attestation.

  apiapi-clientapisapi-securityapi-serverapi-secretapi-keysapi-keyapi-key-authenticationmobilemobile-appmobile-developmentmobile-securitymobile-security-frameworkmobile-app-securitymobile-app-attestationapproovcertificate-pinningpinninghmac-authentication
  Language:Kotlin 82

• ionutbalosin / java-application-security-practices

  Application security best practices and code implementations for Java developers. This project is intended for didactic purposes only, supporting my training course.

  api-securityauthorization-code-flowauthorization-code-flow-with-pkceclient-credentials-flowcorscspdastjava-process-securityjson-web-key-setjwksoauth-grant-typespassword-flowroles-based-access-controlsastscasecurity-design-principlessecurity-loggingsecurity-testingtoken-introspection
  Language:Java 60

• Escape-Technologies / graphql-security-academy

  🔒 A free, open-source platform dedicated to understand and secure GraphQL applications — all directly in your browser!

  hacktoberfesthacktoberfest2023graphqllearningapi-securitysecuritycertificationcommunityeducation
  Language:Svelte 59

• OWASP / www-project-api-security

  OWASP Foundation Web Repository

  api-securityowasp
  Language:HTML 47

• aws-samples / step-up-auth

  How to implement Step-up Authentication using Amazon Cognito

  step-up-authenticationadaptive-authenticationstep-up-authadaptive-authcognitoapi-gatewaylambdadynamodbcdktypescriptnodeapplication-securityapi-securityrbarule-based-authentication
  Language:TypeScript 35

• dotnet-labs / HerokuContainer

  Dockerized ASP.NET Core Web API app in Heroku

  dockercontainerdotnetdotnetcorewebappapiswaggerfile-uploadapi-securityauthenticationauthorizationauthdotnet5
  Language:C# 34

• chambits / nest-keycloak-oauth

  Secure NestJs Rest API with Keycloak

  api-securityjwt-authenticationkeycloaknestjsrestapi
  Language:TypeScript 32

• wallarm / docker-wallarm-node

  ⚡️ Official docker image for Wallarm Node. API security platform agent.

  nginxwafsecurity-toolssecurityweb-application-firewallapi-securityrest-securityopenapi-securityenvoyproxysecurity-automationapi-firewallapplication-firewallsecurity-scannersecurity-audit
  Language:Go 32

• approov / AppAuth-OAuth2-Books-Demo

  A companion repo for the blog article: https://blog.approov.io/adding-oauth2-to-mobile-android-and-ios-clients-using-the-appauth-sdk

  mobilemobile-securitymobile-appapi-securityapproovapproov-demo
  Language:Java 27
• api-crypto-spring-boot

  itrondi / api-crypto-spring-boot

  api-crypto-spring-boot 是基于 Spring Boot 开发的控制器统一注解方式自动加解密 请求体、响应体 的启动器，该组件能够提供在 接口交互过程中数据的安全保护能力。支持常见的 加解密算法、编码、签名 等模式;

  api-security
  Language:Java 22