Hello API Security community!
After many vulnerable lines of code have been written, we are pleased to announce the beta version of crAPI!
crAPI stands for a Completely Ridiculous API. Following the footsteps of Webgoat and JuiceShop, crAPI is an intentionally vulnerable application, but it is primarily focused on APIs for the purpose of teaching, learning, and practicing API security.
You will not find the mundane XSS and SQLi challenges here. crAPI only has vulnerabilities that actually happen in modern API based applications, including all those in the OWASP Top 10 for APIs! All the challenges in crAPI are based on real-life vulnerabilities that were found in APIs of big companies like Facebook, Uber and Shopify.
So if you are a pen-tester, a security engineer, a developer, or a security enthusiast, you are more than welcome to hack crAPI!
At this point, we are announcing the project only through the mailing list. We would love to get feedback from security experts like you so we can validate the hacks and fix embarrassing bugs before we do a bigger release.
GitHub: https://github.com/owasp/crapi
Hosted live version: crapi.io
Cheers,
Inon Shkedy
--
You received this message because you are subscribed to the Google Groups "API Security Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to api-security-pro...@owasp.org.
To view this discussion on the web visit https://groups.google.com/a/owasp.org/d/msgid/api-security-project/96ac0500-bdd0-4fb8-8a3a-da73e4049e2fn%40owasp.org.
To view this discussion on the web visit https://groups.google.com/a/owasp.org/d/msgid/api-security-project/CAL2MntdWQ3qRtecHT6hb6j1%2Bia%2B%2Bycb3Y8iEvci7VBhUmJFuaA%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/owasp.org/d/msgid/api-security-project/CAJnYCTMBPUygBwQReeveFtY3_A2zEAXq2STEPHjfG%2Ba3jMQx1w%40mail.gmail.com.
Hi Amit,Check out what's available here [1] and search this mailing list earlier threads: I remember some presentations were shared here when OWASP API Securiry Top 10 2019 was first published.
To view this discussion on the web visit https://groups.google.com/a/owasp.org/d/msgid/api-security-project/CAJnYCTNMsMDOfk8j7Lr8F2NKcb90A50DK0PyG9%3DpTX7dmK7tQA%40mail.gmail.com.