api-security

There are 11 repositories under api-security topic.

jassics / security-study-plan
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
api-security application-security appsec appsec-tutorials aws-security azure-security cybersecurity cybersecurity-education devsecops-university gcp-security infosec pentesting security-testing study-guide study-plan study-planner
4094
arainho / awesome-api-security
A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
api-hacking api-hacks api-hardening api-hunting api-pentest api-sec api-security apisec awesome-list fuzzing infosec pentest security
2714
inonshk / 31-days-of-API-Security-Tips
This challenge is Inon Shkedy's 31 days API Security Tips.
api-pentest api-security bug-bounty bugbounty bugbountytips infosec pentest security
2058
HolyTips
HolyBugx / HolyTips
A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
api api-security bugbounty bugbounty-writeups bugbountytips checklist pentest pentesting security web webapp websecurity writeups
1721
API-Security / APIKit
APIKit：Discovery, Scan and Audit APIs Toolkit All In One.
api-sec api-security apisec burp-extensions
Language:Java 1690
metlo-labs / metlo
Metlo is an open-source API security platform.
security api-gateway api-security application-security cybersecurity monitoring vulnerabilities vulnerability-detection metlo infosec api-pentest aws bugbounty bugbounty-tools infosectools pentest
Language:TypeScript 1565
wallarm / gotestwaf
An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses
api-security bugbounty graphql-security grpc-security owasp rest-security security security-testing security-tools waf web-application-firewall web-application-security
Language:Go 1396
cherrybomb
blst-security / cherrybomb
Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
api api-security best-practices blst business-logic cli cyber cybersecurity firecracker http open-source openapi openapi3 security security-tools web-sec-scanner web-security websecurity
Language:Rust 1041
Zeyad-Azima / Offensive-Resources
A Huge Learning Resources with Labs For Offensive Security Players
api api-security cloud-security cybersecurity hack hacking infrastructure learning mobile mobile-security offensive offensive-security owasp owasp-top-10 red-team red-teaming redteam security web web-security
830
akto-api-security / akto
Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure
api-discovery api-security api-security-testing api-testing authentication authorization devsecops devsecops-pipeline docker docker-compose hacktoberfest hacktoberfest2023 idor owasp-top-10 react security security-testing sensitive-data-exposure threat-detection
Language:Java 801
MindAPI
dsopas / MindAPI
Organize your API security assessment by using MindAPI. It's free and open for community collaboration.
api-security hacking methodology mindapi mindmap
774
wallarm / awesome-nginx-security
🔥 A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingres Controller (based on NGINX)
nginx modsecurity waf naxsi awesome-list awesome-lists security webserver load-balancer nginx-security nginx-server mod-security nginx-environment nginx-configuration kubernetes application-security api-security apigateway
683
openappsec / openappsec
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
api-security application-security appsec devsecops kong kubernetes nginx nginx-proxy-manager owasp owasp-top-ten rate-limiting security-tools threat-prevention waf web-application-firewall
Language:C++ 646
api-firewall
wallarm / api-firewall
Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.
proxy firewall waf api-gateway apigateway api-wrapper security-tools security api-security api api-firewall openapi-specification openapi swagger openapi-security rest-security api-waf web-application-security web-application-firewall openapi-spec
Language:Go 527
uuWAF
Safe3 / uuWAF
A industry-leading free, high-performance, AI and semantic technology web application and API security protection product - uuWAF. 一款工业级免费、高性能、高扩展，支持AI和语义引擎的Web应用和API安全防护产品-南墙。Web应用防火墙、WAF、WAAP
waf application-security web-application-firewall modsecurity web-security-gateway api-gateway api-security waap security uuwaf ddos http-flood owasp
Language:C 477
apiclarity
openclarity / apiclarity
An API security tool to capture and analyze API traffic, test API endpoints, reconstruct Open API specification, and identify API security risks.
api-security envoy istio k8s kubernetes microservice microservices openapi openapi-spec openapi-specification service-mesh shadow-api swagger wasm zombie-api
Language:Go 469
adhocore / php-jwt
Ultra lightweight, dependency free and standalone JSON web token (JWT) library for PHP5.6 to PHP8.2. This library makes JWT a cheese. It is a minimal JWT integration for PHP.
php7 php-jwt json-web-token api-auth jwt jwt-auth jwt-authentication api-security oauth2 json-web-token-php json-web-signature adhocore php8 php
Language:PHP 283
Mehdi0x90 / Web_Hacking
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
api-pentest bugbounty hacking payloads penetration-testing recon web-application-security webhacking websecurity bypass cheatsheet pentest security vulnerability exploit api-security bug-bounty-hunters owasp enumeration redteam
182
mytechnotalent / Go-Hacking
A FREE comprehensive online Go hacking tutorial utilizing the x64, ARM64 and ARM32 architectures going step-by-step into the world of reverse engineering Golang from scratch.
api api-security api-services arm arm32 arm64 cyber cybersecurity distributed go golang hack hacking ida ida-pro intel reverse-engineering system systems windows
Language:Go 166
piomin / sample-spring-oauth2-microservices
some examples that show basic and more advanced implementations of oauth2 authorization mechanism in spring-cloud microservices environment
api-security authorization jwt microservices-security oauth oauth2 spring-boot spring-cloud spring-security spring-security-oauth2 zuul
Language:Java 129
OWASP / OFFAT
The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.
api-hacking api-rest api-security api-security-testing offat owasp
Language:Python 83
abunuwas / fencer
Automated API security testing
api api-security api-security-testing graphql jwt oauth2 openapi owasp-top-10 rest-api security sql-injection testing
Language:Python 65
approov / shipfast-api-protection
Learn practical Mobile and API security techniques: API Key, Static and Dynamic HMAC, Dynamic Certificate Pinning, and Mobile App Attestation.
api api-client apis api-security api-server api-secret api-keys api-key api-key-authentication mobile mobile-app mobile-development mobile-security mobile-security-framework mobile-app-security mobile-app-attestation approov certificate-pinning pinning hmac-authentication
Language:Kotlin 64
OWASP / www-project-api-security
OWASP Foundation Web Repository
api-security owasp
Language:HTML 47
Escape-Technologies / graphql-security-academy
🔒 A free, open-source platform dedicated to understand and secure GraphQL applications — all directly in your browser!
api-security certification community education graphql hacktoberfest hacktoberfest2023 learning security
Language:Svelte 42
dotnet-labs / HerokuContainer
Dockerized ASP.NET Core Web API app in Heroku
docker container dotnet dotnetcore webapp api swagger file-upload api-security authentication authorization auth dotnet5
Language:C# 31
aws-samples / step-up-auth
How to implement Step-up Authentication using Amazon Cognito
step-up-authentication adaptive-authentication step-up-auth adaptive-auth cognito api-gateway lambda dynamodb cdk typescript node application-security api-security rba rule-based-authentication
Language:TypeScript 28
wallarm / docker-wallarm-node
⚡️ Docker official image for Wallarm Node. API security platform agent.
nginx waf security-tools security web-application-firewall api-security rest-security openapi-security envoyproxy security-automation api-firewall application-firewall security-scanner security-audit
Language:Shell 27
chamithrepo / nest-keycloak-oauth
Secure NestJs Rest API with Keycloak
api-security jwt-authentication keycloak nestjs restapi
Language:TypeScript 26
approov / AppAuth-OAuth2-Books-Demo
A companion repo for the blog article: https://blog.approov.io/adding-oauth2-to-mobile-android-and-ios-clients-using-the-appauth-sdk
mobile mobile-security mobile-app api-security approov approov-demo
Language:Java 25
miztiik / secure-private-api
AWS API Gateway Security Deep dive
api-gateway api-security aws cdk cloud-development-kit miztiik private-endpoint resource-policy
Language:Python 22
imhego / HEGO-Wiki
HEGO Hunting Wiki | Offensive Cybersecurity Checklist
api-security awsome-list bugbounty bugbounty-tools bugbountytips bugcrowd burpsuite cheatsheet hackerone hacking methodology nuclei offensive-security owasp penetration-testing red-team-tools security web-security webhacking
13
jessety / simple-hmac-auth
Protocol specification and Node library designed to make building APIs that use HMAC signatures simple
nodejs api-security hmac-authentication request-signing request-signatures simple-hmac-auth
Language:TypeScript 13
hellsing
Fricciolosa-Red-Team / hellsing
Sniper. Passive Secrets Hunting.🚬
token api secrets secret-keys secrets-scan secrets-detection api-security information-extraction information-disclosure information-discovery
Language:JavaScript 12
appsec-notes
nybble04 / appsec-notes
My Application Security Notes - web, mobile, thick client, API, and more.
api-security application-security cybersecurity mobile-security owasp-top-10 web-security information-security interview-preperation penetration-testing secure-coding security-engineer source-code-analysis vulnerability-assessment
12
paulveillard / cybersecurity-API-security-checklist
An ongoing collection of awesome software, API libraries, checlists, best guidelines and resources and most important security countermeasures when designing, testing, and releasing your API.
api-authentication api-authorizarion api-automation api-blueprint api-call api-client api-communication api-consumer api-design api-development-platform api-documentation api-documentation-tool api-endpoints api-generator api-security api-server secure-api
12

api-security

jassics / security-study-plan

arainho / awesome-api-security

inonshk / 31-days-of-API-Security-Tips

HolyBugx / HolyTips

API-Security / APIKit

metlo-labs / metlo

wallarm / gotestwaf

blst-security / cherrybomb

Zeyad-Azima / Offensive-Resources

akto-api-security / akto

dsopas / MindAPI

wallarm / awesome-nginx-security

openappsec / openappsec

wallarm / api-firewall

Safe3 / uuWAF

openclarity / apiclarity

adhocore / php-jwt

Mehdi0x90 / Web_Hacking

mytechnotalent / Go-Hacking

piomin / sample-spring-oauth2-microservices

OWASP / OFFAT

abunuwas / fencer

approov / shipfast-api-protection

OWASP / www-project-api-security

Escape-Technologies / graphql-security-academy

dotnet-labs / HerokuContainer

aws-samples / step-up-auth

wallarm / docker-wallarm-node

chamithrepo / nest-keycloak-oauth

approov / AppAuth-OAuth2-Books-Demo

miztiik / secure-private-api

imhego / HEGO-Wiki

jessety / simple-hmac-auth

Fricciolosa-Red-Team / hellsing

nybble04 / appsec-notes

paulveillard / cybersecurity-API-security-checklist