vAPI (Vulnerable Adversely Programmed Interface) is a self-hostable API that mimics OWASP API Top 10 scenarios in the form of exercises.
Broken Object Level Authorization
You can register yourself as a user. That's it... or is there something more?
api1_id | string | required
Authorization-Token | string | Example: {{api1_auth}}
Content-Type | string | Example: application/json
{
  "username": "",
  "name": "",
  "course": "",
  "password": ""
}
Broken Authentication
We don't seem to have credentials for this. How do we log in? (There's something in the Resources folder given to you.)
Excessive Data Exposure
We have all been there, right? Giving away too much data and the dev showing it. Try the Android app in the Resources folder.
Lack of Resources & Rate Limiting
We believe OTPs are a great way of authenticating users, and secure too if implemented correctly!
Broken Function Level Authorization
You can register yourself as a user. That's it, or is there something more? (I heard the admin logs in often but uses a different route.)
Mass Assignment
Welcome to our store. We will give you credits if you behave nicely. Our credit management is super secure.
Security Misconfiguration
Hey, it's an API, right? So we ARE expecting cross-origin requests. We just hope it works fine.