API Security Project aims to present unique attack & defense methods in API Security field

Microsoft REST API Guidelines

Damn Vulnerable Web Services is a vulnerable application with a web service and an API that can be used to learn about webservices/API related vulnerabilities.

This is vulnerable microservice written in many language to demonstrating OWASP API Top Security Risk (under development)

Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practising GraphQL Security.

completely ridiculous API (crAPI)

Checklist of the most important security countermeasures when designing, testing, and releasing your API

📚 A collection of useful resources for building RESTful HTTP+JSON APIs.

The official Python client library for api.video

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

This challenge is Inon Shkedy's 31 days API Security Tips.

Metlo is an open-source API security platform.

APIKit：Discovery, Scan and Audit APIs Toolkit All In One.

An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.

Organize your API security assessment by using MindAPI. It's free and open for community collaboration.

Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.

An API security tool to capture and analyze API traffic, test API endpoints, reconstruct Open API specification, and identify API security risks. 

OWASP API Security Project

☑️ A security checklist for anyone who's developing and deploying APIs

Contextual Content Discovery Tool

OWASP Foundation Web Repository

This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter

GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations

APIsec|SCAN - Free API security testing using Github actions

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving to…

.NET Decompiler with support for PDB generation, ReadyToRun, Metadata (&more) - cross-platform!

Opensource IDE For Exploring and Testing Api's (lightweight alternative to postman/insomnia)

🎮 GraphQL IDE for better development workflows (GraphQL Subscriptions, interactive docs & collaboration)