VAmPI - Vulnerable REST API with OWASP top 10 vulnerabilities for security testing

VAmPI is a vulnerable API made with Flask and it includes vulnerabilities from the OWASP top 10 vulnerabilities for APIs. It was created as I wanted a vulnerable API to evaluate the efficiency of tools used to detect security issues in APIs. It includes a switch on/off to allow the API to be vulnerable or not while testing. This allows to cover better the cases for false positives/negatives. VAmPI can also be used for learning/teaching purposes. You can find a bit more details about the vulnerabilities in erev0s.com. Features Based on OWASP Top 10 vulnerabilities for APIs. OpenAPI3 specs and Postman Collection included. Global switch on/off to have a vulnerable environment or not. Token-Based Authentication (Adjust lifetime from within app.py) VAmPI's flow of actions is going like this: an unregistered user can see minimal information about the dummy users included in the API. A user can register and then login....

Read the rest of this story with a free account.

Already have an account? Sign in

June 21, 2022

Author

Hakin9 TEAM: Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.

Latest Articles

BlogDecember 13, 2022What are the Common Security Weaknesses of Cloud Based Networks?
BlogOctober 12, 2022Vulnerability management with Wazuh open source XDR
BlogAugust 29, 2022Deception Technologies: Improving Incident Detection and Response by Alex Vakulov
BlogAugust 25, 2022Exploring the Heightened Importance of Cybersecurity in Mobile App Development by Jeff Kalwerisky

1 Comment

Newest

Oldest Most Voted

Inline Feedbacks

View all comments

Lizzy Agnes

2 days ago

A great hacker is really worthy of good recommendation , Henry
really help to get all the evidence i needed against my husband and
and i was able to confront him with this details from this great hacker
to get an amazing service done with the help ,he is good with what he does and the charges are affordable, I think all I owe him is publicity for a great work done via, Henryclarkethicalhacker at gmail com, and you can text, call him on whatsapp him on +12014305865, or +17736092741,

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

VAmPI - Vulnerable REST API with OWASP top 10 vulnerabilities for security testing

Author

Latest Articles

Thank you!

https://hakin9.org/wp-content/uploads/2023/06/hakin9_logo.svg