VAmPI is a vulnerable API made with Flask and it includes vulnerabilities from the OWASP top 10 vulnerabilities for APIs. It was created as I wanted a vulnerable API to evaluate the efficiency of tools used to detect security issues in APIs. It includes a switch on/off to allow the API to be vulnerable or not while testing. This allows to cover better the cases for false positives/negatives. VAmPI can also be used for learning/teaching purposes. You can find a bit more details about the vulnerabilities in erev0s.com. Features Based on OWASP Top 10 vulnerabilities for APIs. OpenAPI3 specs and Postman Collection included. Global switch on/off to have a vulnerable environment or not. Token-Based Authentication (Adjust lifetime from within app.py) VAmPI's flow of actions is going like this: an unregistered user can see minimal information about the dummy users included in the API. A user can register and then login....
Read the rest of this story with a free account.
Already have an account? Sign in
- Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
- BlogDecember 13, 2022What are the Common Security Weaknesses of Cloud Based Networks?
- BlogOctober 12, 2022Vulnerability management with Wazuh open source XDR
- BlogAugust 29, 2022Deception Technologies: Improving Incident Detection and Response by Alex Vakulov
- BlogAugust 25, 2022Exploring the Heightened Importance of Cybersecurity in Mobile App Development by Jeff Kalwerisky