completely ridiculous API (crAPI)

API Security Project aims to present unique attack & defense methods in API Security field

A deliberately vulnerable banking application designed for practicing Security Testing of Web App, APIs, AI integrated App and secure code reviews. Features common vulnerabilities found in real-world applications, making it an ideal platform for security professionals, developers, and enthusiasts to learn pentesting and secure coding practices.

A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Security vulnerabilities within your own API Security CTF.

This repository was developed using .NET 7.0 API technology based on findings listed in the OWASP 2019 API Security Top 10.

Tests your API automatically for common API vulnerabilities. Project is still Work In Progress. PRs are appreciated.

API Penetration Testing Notes

This application contains intentional security vulnerabilities and should never be deployed in production environments or exposed to the internet. Use only in controlled, isolated environments for security training, demonstrations, and testing. This lab was originally created by TheCyberpunker - Luis Uribe, a security researcher from our company.

This is a Python based API-Security framework containing ApiSecurityHeader.py script which will check the Security response headers mentioned in OWASP Secure Headers Project are present and contains the required value.

A complete package for security testing of REST, SOAP and GraphQL APIs for vulnerabilities.

A lightweight, event-driven API reconnaissance and vulnerability scavenger built in Bash. Engineered for proactive threat hunting, it automates endpoint discovery, secret scavenging, and RCE/SQLi probing.

This project showcases a comprehensive implementation of authorization and middleware in a Laravel application. The focus is on demonstrating how to manage user permissions and protect routes using Laravel’s built-in authorization features and custom middleware.

Complete Package of API Firewalll (wallarm) with controller and panel

📚 Build a modern exam practice system with features like question management, smart exercises, and performance analysis for effective learning.

A Burp Suite extension that imports Postman, Swagger, Openapi .json files directly into Burp. It parses requests (method, URL, headers, body) and displays them in a table, allowing users to send selected requests to Repeater.

Built TechVault API, a FastAPI-based tool that fetches and summarizes MDN Web Docs for developers. It streamlines documentation lookup, enhances readability, and ensures secure, efficient access. Excited to keep improving it with more sources and AI-powered summarization!

Backend Developer skilled in building secure and scalable REST APIs using FastAPI, FLASK and MYSQL . experience in JWT authentication , role-bashed access control and implemented password hashing , token gerenation and secure login sessions.

An API to manage personal finances with expense tracking, budgeting, and analytics features.

In this repo, I share blog posts, hacking tricks, detailed writeups, insightful articles, CTF challenges, and anything else related to application security and API security that I learn along the way. Join me on this journey as we explore the exciting realm of digital defense together.