~ crAPI beta announcement ~


Inon Shkedy

Feb 9, 2021, 11:23:01 AM
to API Security Project

Hello API Security community!

After many vulnerable lines of code have been written, we are pleased to announce the beta version of crAPI!

crAPI stands for a Completely Ridiculous API. Following in the footsteps of WebGoat and Juice Shop, crAPI is an intentionally vulnerable application, but it is primarily focused on APIs for the purpose of teaching, learning, and practicing API security.

You will not find the mundane XSS and SQLi challenges here. crAPI only has vulnerabilities that actually happen in modern API-based applications, including all those in the OWASP Top 10 for APIs! All the challenges in crAPI are based on real-life vulnerabilities that were found in APIs of big companies like Facebook, Uber and Shopify.

So if you are a pen-tester, a security engineer, a developer, or a security enthusiast, you are more than welcome to hack crAPI!

At this point, we are announcing the project only through the mailing list. We would love to get feedback from security experts like you so we can validate the hacks and fix embarrassing bugs before we do a bigger release.

GitHub: https://github.com/owasp/crapi

Hosted live version: crapi.io

Cheers,
Inon Shkedy

Ailton da SIlva dos Santos Filhos

Feb 10, 2021, 2:55:29 PM
to Inon Shkedy, API Security Project
Hi, Inon,

Great! I'm sure the community has been looking for an intentionally vulnerable application since 2019 to serve as a benchmark and playground.
I'll give it a try for sure.
When you want to spread it widely, let us know to help share it.

Best regards,
Ailton

--
Regards, Ailton da Silva dos Santos Filho
Master of Computer Science
Computer Engineer

Amit Finegold

Feb 14, 2021, 3:56:41 PM
to API Security Project, Inon Shkedy
Hi All,

I'm planning to present the OWASP Top 10 for API Security to the developers and architects at my company next week.
Before I head to build my own PPT presentation about it, I was wondering if there is any presentation available.

Thanks a lot,
Amit


Paulo Silva

Feb 14, 2021, 5:39:30 PM
to Amit Finegold, API Security Project, Inon Shkedy
Hi Amit,
Check out what's available here [1] and search this mailing list's earlier threads: I remember some presentations were shared here when OWASP API Security Top 10 2019 was first published.


Cheers,

Paulo Silva

Feb 14, 2021, 5:42:30 PM
to Amit Finegold, API Security Project, Inon Shkedy


On Sun, Feb 14, 2021, 10:39 PM Paulo Silva <paulo...@owasp.org> wrote:
Hi Amit,
Check out what's available here [1] and search this mailing list's earlier threads: I remember some presentations were shared here when OWASP API Security Top 10 2019 was first published.


Amit Finegold

Feb 15, 2021, 12:21:08 AM
to Paulo Silva, API Security Project, Inon Shkedy
Thanks a lot Paulo 🙏

Paulo Silva

Feb 15, 2021, 2:35:40 AM
to Amit Finegold, API Security Project, Inon Shkedy
My pleasure! 

Isabelle Mauny

Feb 15, 2021, 3:23:14 AM
to Amit Finegold, Paulo Silva, API Security Project, Inon Shkedy
Hello Amit,

We have also created a bunch of free resources you may want to use:

including this cheat sheet, which you are free to re-distribute.

Good luck with the course!

Isabelle.
____________________
Isabelle Mauny - Field CTO and Co-Founder - 42Crunch

