Check your WAF before an attacker does
Updated Nov 5, 2024 - Python
Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure
The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.
API Security Vulnerability Scanner designed to help you secure your APIs.
Automated API security testing
Community-generated list of API security tests to find OWASP Top 10 and HackerOne Top 10 vulnerabilities
GitHub action to run Traceable Active Security Testing in GitHub workflows
A community-driven list of custom Escape rules. Test your API security with rules that automatically adapt for you.
OWASP-Top-10-Security-Vulnerabilities-With-Node.js
An intelligent web-proxy that monitors API requests of a web application and detects API security vulnerabilities automatically.
A RESTful API brute-forcing tool in Go for ethical hacking practice. **Gobrute** is built for testing login passwords with multithreading, progress tracking, and customizable payloads, ideal for controlled environments like OWASP Juice Shop.