api-security

There are 12 repositories under api-security topic.

• jassics / security-study-plan

  Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...

  api-securityapplication-securityappsecappsec-tutorialsaws-securityazure-securitycybersecuritycybersecurity-educationdevsecops-universitygcp-securityinfosecpentestingsecurity-testingstudy-guidestudy-planstudy-planner
  4359

• arainho / awesome-api-security

  A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

  api-hackingapi-hacksapi-hardeningapi-huntingapi-pentestapi-secapi-securityapisecawesome-listfuzzinginfosecpentestsecurity
  2989

• inonshk / 31-days-of-API-Security-Tips

  This challenge is Inon Shkedy's 31 days API Security Tips.

  api-pentestapi-securitybug-bountybugbountybugbountytipsinfosecpentestsecurity
  2096

• API-Security / APIKit

  APIKit：Discovery, Scan and Audit APIs Toolkit All In One.

  api-secapi-securityapisecburp-extensions
  Language:Java 1877
• HolyTips

  HolyBugx / HolyTips

  A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

  apiapi-securitybugbountybugbounty-writeupsbugbountytipschecklistpentestpentestingsecuritywebwebappwebsecuritywriteups
  1796

• metlo-labs / metlo

  Metlo is an open-source API security platform.

  api-gatewayapi-pentestapi-securityapplication-securityawsbugbountybugbounty-toolscybersecurityinfosecinfosectoolsmetlomonitoringpentestsecurityvulnerabilitiesvulnerability-detection
  Language:TypeScript 1602

• wallarm / gotestwaf

  An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

  owaspapi-securitysecuritybugbountysecurity-toolswafweb-application-securityweb-application-firewallsecurity-testinggraphql-securitygrpc-securityrest-security
  Language:Go 1534
• cherrybomb

  blst-security / cherrybomb

  Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.

  blstfirecrackerclicybercybersecuritybusiness-logicsecurity-toolssecurityapiapi-securitybest-practiceshttpopenapiopenapi3open-sourcewebsecurityweb-securityweb-sec-scanner
  Language:Rust 1119

• akto-api-security / akto

  Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure

  api-discoveryapi-securityapi-security-testingapi-testingauthenticationauthorizationdevsecopsdevsecops-pipelinehacktoberfesthacktoberfest2023idorowasp-top-10securitysecurity-testingsensitive-data-exposurethreat-detection
  Language:Java 995

• Zeyad-Azima / Offensive-Resources

  A Huge Learning Resources with Labs For Offensive Security Players

  apiinfrastructurelearningsecuritymobilewebhackhackingowaspcybersecurityweb-securitymobile-securityoffensiveoffensive-securityred-teamowasp-top-10redteamcloud-securityapi-securityred-teaming
  895

• openappsec / openappsec

  open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.

  api-securityapplication-securitykubernetesnginxweb-application-firewallappsecdevsecopskongrate-limitingsecurity-toolsthreat-preventionwafowaspowasp-top-tennginx-proxy-manager
  Language:C++ 849
• MindAPI

  dsopas / MindAPI

  Organize your API security assessment by using MindAPI. It's free and open for community collaboration.

  hackingmethodologymindmapmindapiapi-security
  817

• wallarm / awesome-nginx-security

  🔥 A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingres Controller (based on NGINX)

  nginxmodsecuritywafnaxsiawesome-listawesome-listssecuritywebserverload-balancernginx-securitynginx-servermod-securitynginx-environmentnginx-configurationkubernetesapplication-securityapi-securityapigateway
  728
• uuWAF

  Safe3 / uuWAF

  A industry-leading free, high-performance, AI and semantic technology web application and API security protection product - uuWAF. 一款工业级免费、高性能、高扩展，支持AI和语义引擎的Web应用和API安全防护产品-南墙。Web应用防火墙、WAF、WAAP

  wafapplication-securityweb-application-firewallmodsecurityweb-security-gatewayapi-gatewayapi-securitywaapsecurityuuwafddoshttp-floodowasp
  Language:C 675
• api-firewall

  wallarm / api-firewall

  Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.

  apiapi-firewallapi-gatewayapi-securityapi-wafapi-wrapperapigatewayfirewallopenapiopenapi-securityopenapi-specopenapi-specificationproxyrest-securitysecuritysecurity-toolsswaggerwafweb-application-firewallweb-application-security
  Language:Go 583
• apiclarity

  openclarity / apiclarity

  An API security tool to capture and analyze API traffic, test API endpoints, reconstruct Open API specification, and identify API security risks. 

  api-securityenvoyistiok8skubernetesmicroservicemicroservicesopenapiopenapi-specopenapi-specificationservice-meshshadow-apiswaggerwasmzombie-api
  Language:Go 509

• OWASP / OFFAT

  The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.

  api-hackingapi-restapi-securityapi-security-testingowaspoffat
  Language:Python 453

• adhocore / php-jwt

  Ultra lightweight, dependency free and standalone JSON web token (JWT) library for PHP5.6 to PHP8.2. This library makes JWT a cheese. It is a minimal JWT integration for PHP.

  adhocoreapi-authapi-securityjson-web-signaturejson-web-tokenjson-web-token-phpjwtjwt-authjwt-authenticationoauth2phpphp-jwtphp7php8
  Language:PHP 294

• Mehdi0x90 / Web_Hacking

  Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

  api-pentestapi-securitybug-bounty-huntersbugbountybypasscheatsheetenumerationexploithackingowasppayloadspenetration-testingpentestreconredteamsecurityvulnerabilityweb-application-securitywebhackingwebsecurity
  232

• mytechnotalent / Go-Hacking

  A FREE comprehensive online Go hacking tutorial utilizing the x64, ARM64 and ARM32 architectures going step-by-step into the world of reverse engineering Golang from scratch.

  apiapi-securityapi-servicesarmarm32arm64cybercybersecuritydistributedgogolanghackhackingidaida-prointelreverse-engineeringsystemsystemswindows
  Language:Go 197

• piomin / sample-spring-oauth2-microservices

  some examples that show basic and more advanced implementations of oauth2 authorization mechanism in spring-cloud microservices environment

  oauthmicroservices-securityoauth2jwtspring-securityspring-security-oauth2spring-bootspring-cloudzuulapi-securityauthorization
  Language:Java 134

• abunuwas / fencer

  Automated API security testing

  apiapi-securityapi-security-testingjwtsecuritysql-injectionopenapiowasp-top-10testinggraphqloauth2rest-api
  Language:Python 78

• approov / shipfast-api-protection

  Learn practical Mobile and API security techniques: API Key, Static and Dynamic HMAC, Dynamic Certificate Pinning, and Mobile App Attestation.

  apiapi-clientapisapi-securityapi-serverapi-secretapi-keysapi-keyapi-key-authenticationmobilemobile-appmobile-developmentmobile-securitymobile-security-frameworkmobile-app-securitymobile-app-attestationapproovcertificate-pinningpinninghmac-authentication
  Language:Kotlin 73

• Escape-Technologies / graphql-security-academy

  🔒 A free, open-source platform dedicated to understand and secure GraphQL applications — all directly in your browser!

  api-securitycertificationcommunityeducationgraphqlhacktoberfesthacktoberfest2023learningsecurity
  Language:Svelte 51

• OWASP / www-project-api-security

  OWASP Foundation Web Repository

  api-securityowasp
  Language:HTML 47

• cerberauth / vulnapi

  VulnAPI is an open-source project designed to help you scan your APIs for security vulnerabilities and weaknesses.

  jwtvulnerability-scannerscybersecuritydastgraphqlopenapisecurity-scannersecurity-toolsapi-securityapi-testingauthenticationauthorizationowasp-top-10api-security-testingsecurityhacktoberfest
  Language:Go 41

• CyberAlbSecOP / Awesome_CyberSec_Bible

  Cyber-Security Bible! Theory and Tools, Kali Linux, Penetration Testing, Bug Bounty, CTFs, Malware Analysis, Cryptography, Secure Programming, Web App Security, Cloud Security, Devsecops, Ethical Hacking, Social Engineering, Privacy, Incident Response, Threat Assestment, Personal Security, Ai Security, Android Security, Iot Security, Standards.

  ai-securityapi-securitybug-bountycloud-securitycyber-securitycybersecuritydevsecopsethical-hackinghackingincident-responsemalware-analysisos-securitypenetration-testingpentestingprivacysecuritysocial-engineeringthreat-intelligenceweb-application-security
  36

• dotnet-labs / HerokuContainer

  Dockerized ASP.NET Core Web API app in Heroku

  dockercontainerdotnetdotnetcorewebappapiswaggerfile-uploadapi-securityauthenticationauthorizationauthdotnet5
  Language:C# 34

• wallarm / docker-wallarm-node

  ⚡️ Official docker image for Wallarm Node. API security platform agent.

  nginxwafsecurity-toolssecurityweb-application-firewallapi-securityrest-securityopenapi-securityenvoyproxysecurity-automationapi-firewallapplication-firewallsecurity-scannersecurity-audit
  Language:Shell 32

• aws-samples / step-up-auth

  How to implement Step-up Authentication using Amazon Cognito

  step-up-authenticationadaptive-authenticationstep-up-authadaptive-authcognitoapi-gatewaylambdadynamodbcdktypescriptnodeapplication-securityapi-securityrbarule-based-authentication
  Language:TypeScript 30

• chamithrepo / nest-keycloak-oauth

  Secure NestJs Rest API with Keycloak

  api-securityjwt-authenticationkeycloaknestjsrestapi
  Language:TypeScript 29

• approov / AppAuth-OAuth2-Books-Demo

  A companion repo for the blog article: https://blog.approov.io/adding-oauth2-to-mobile-android-and-ios-clients-using-the-appauth-sdk

  mobilemobile-securitymobile-appapi-securityapproovapproov-demo
  Language:Java 26

• miztiik / secure-private-api

  AWS API Gateway Security Deep dive

  miztiikawsapi-securityprivate-endpointcloud-development-kitcdkapi-gatewayresource-policy
  Language:Python 22

• imhego / HEGO-Wiki

  HEGO Hunting Wiki | Offensive Cybersecurity Checklist

  api-securityawsome-listbugbountybugbounty-toolsbugbountytipsbugcrowdburpsuitecheatsheethackeronehackingmethodologynucleioffensive-securityowasppenetration-testingred-team-toolssecurityweb-securitywebhacking
  19
• api-crypto-spring-boot

  itrondi / api-crypto-spring-boot

  api-crypto-spring-boot 是基于 Spring Boot 开发的控制器统一注解方式自动加解密 请求体、响应体 的启动器，该组件能够提供在 接口交互过程中数据的安全保护能力。支持常见的 加解密算法、编码、签名 等模式;

  api-security
  Language:Java 16

• jessety / simple-hmac-auth

  Protocol specification and Node library designed to make building APIs that use HMAC signatures simple

  nodejsapi-securityhmac-authenticationrequest-signingrequest-signaturessimple-hmac-auth
  Language:TypeScript 15