fyp
Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure
Damn Vulnerable Restaurant is an intentionally vulnerable Web API game for learning and training purposes dedicated to developers, ethical hackers and security engineers.
Imperva's customizable API attack tool takes an API specification as input, then generates and runs attacks based on it as output.
Vulnerable REST API with OWASP Top 10 vulnerabilities for security testing
An API security tool to capture and analyze API traffic, test API endpoints, reconstruct OpenAPI specifications, and identify API security risks.
Automated Security Testing For REST APIs
API Security Vulnerability Scanner designed to help you secure your APIs.
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …
A wordlist of API names for web application assessments
Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
Automated & Manual Wordlists provided by Assetnote
vAPI is a Vulnerable Adversely Programmed Interface, a self-hostable API that mimics OWASP API Top 10 scenarios through exercises.
In-depth attack surface mapping and asset discovery
Damn Vulnerable Web Services is a vulnerable application with a web service and an API that can be used to learn about web service and API-related vulnerabilities.
The Pixi module is a MEAN Stack web app with wildly insecure APIs!