OWASP / crAPI

Licence: Apache-2.0 license
completely ridiculous API (crAPI)

Programming Languages

java
javascript
python
go
shell
Dockerfile

Projects that are alternatives of or similar to crAPI

Python Honeypot
OWASP Honeypot, Automated Deception Framework.
Stars: ✭ 160 (-70.86%)
Mutual labels:  owasp
Wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Stars: ✭ 3,873 (+605.46%)
Mutual labels:  owasp
cyclonedx-cli
CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
Stars: ✭ 154 (-71.95%)
Mutual labels:  owasp
Csrf Protector Php
CSRF Protector library: standalone library for CSRF mitigation
Stars: ✭ 178 (-67.58%)
Mutual labels:  owasp
Fdsploit
File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
Stars: ✭ 199 (-63.75%)
Mutual labels:  owasp
Insider
Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on an agile and easy to implement software inside your DevOps pipeline. Supports the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
Stars: ✭ 216 (-60.66%)
Mutual labels:  owasp
Phpvuln
Audit tool to find common vulnerabilities in PHP source code
Stars: ✭ 146 (-73.41%)
Mutual labels:  owasp
multi-juicer
Run Capture the Flags and Security Trainings with OWASP Juice Shop
Stars: ✭ 179 (-67.4%)
Mutual labels:  owasp
Zap Hud
The OWASP ZAP Heads Up Display (HUD)
Stars: ✭ 201 (-63.39%)
Mutual labels:  owasp
headers
An application to catch, search and analyze HTTP secure headers.
Stars: ✭ 59 (-89.25%)
Mutual labels:  owasp
Securetea Project
The OWASP SecureTea Project provides a one-stop security solution for various devices (personal computers / servers / IoT devices)
Stars: ✭ 181 (-67.03%)
Mutual labels:  owasp
Sbt Dependency Check
SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Stars: ✭ 187 (-65.94%)
Mutual labels:  owasp
Juice Shop Ctf
Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop
Stars: ✭ 238 (-56.65%)
Mutual labels:  owasp
Zap Cli
A simple tool for interacting with OWASP ZAP from the commandline.
Stars: ✭ 166 (-69.76%)
Mutual labels:  owasp
Slides
The repo contains all the slide deck that was used during my presentation at various webinars, conferences, and meetups.
Stars: ✭ 56 (-89.8%)
Mutual labels:  owasp
Bluemonday
bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
Stars: ✭ 2,135 (+288.89%)
Mutual labels:  owasp
Securecodingdojo
The Secure Coding Dojo is a platform for delivering secure coding training.
Stars: ✭ 216 (-60.66%)
Mutual labels:  owasp
www-project-code-review-guide
OWASP Code Review Guide Web Repository
Stars: ✭ 74 (-86.52%)
Mutual labels:  owasp
cyclonedx-dotnet
Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects
Stars: ✭ 110 (-79.96%)
Mutual labels:  owasp
cwe-tool
A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.
Stars: ✭ 40 (-92.71%)
Mutual labels:  owasp

crAPI

completely ridiculous API (crAPI) will help you to understand the ten most critical API security risks. crAPI is vulnerable by design, but you'll be able to safely run it to educate/train yourself.

crAPI is modern, built on top of a microservices architecture. When the time has come to buy your first car, sign up for an account and start your journey. To know more about crAPI, please check crAPI's overview.

QuickStart Guide

Docker and docker-compose

You'll need to have Docker and docker-compose installed and running on your host system. Also, the version of docker-compose should be 1.27.0 or above. Check your docker-compose version using:

docker-compose version

Using prebuilt images

You can use prebuilt images generated by our CI workflow.

  • To use the latest stable version.

    • Linux Machine
    curl -o docker-compose.yml https://raw.githubusercontent.com/OWASP/crAPI/main/deploy/docker/docker-compose.yml
    
    docker-compose pull
    
    docker-compose -f docker-compose.yml --compatibility up -d
    
    • Windows Machine
    curl.exe -o docker-compose.yml https://raw.githubusercontent.com/OWASP/crAPI/main/deploy/docker/docker-compose.yml
    
    docker-compose pull
    
    docker-compose -f docker-compose.yml --compatibility up -d
    
  • To use the latest development version

    • Linux Machine
    curl -o docker-compose.yml https://raw.githubusercontent.com/OWASP/crAPI/develop/deploy/docker/docker-compose.yml
    
    VERSION=develop docker-compose pull
    
    VERSION=develop docker-compose -f docker-compose.yml --compatibility up -d
    
    • Windows Machine
    curl.exe -o docker-compose.yml https://raw.githubusercontent.com/OWASP/crAPI/develop/deploy/docker/docker-compose.yml
    
    set "VERSION=develop"
    
    docker-compose pull
    
    docker-compose -f docker-compose.yml --compatibility up -d
    

Visit http://localhost:8888

Note: All emails are sent to the mailhog service by default and can be checked on http://localhost:8025. You can change the SMTP configuration if required; however, all emails with the domain example.com will still go to mailhog.
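A pre-flight and exposure check for the Docker setup above, as an added example that is not part of the crAPI repository: it compares the installed docker-compose version against the 1.27.0 minimum and, because crAPI is vulnerable by design, lists any listener on ports 8888 or 8025 that is bound to a non-loopback address. The function names and the use of `ss -ltn` (Linux) are assumptions.

```shell
#!/bin/sh
# Added example, not part of the crAPI repository.
MIN_COMPOSE="1.27.0"   # minimum docker-compose version stated in the guide
LAB_PORTS="8888 8025"  # web UI and mailhog ports named in the guide

# version_ge A B: succeed when dotted version A is at least B (numeric compare).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        sub(/^v/, "", a); sub(/^v/, "", b)            # tolerate a leading "v"
        sub(/[-+].*/, "", a); sub(/[-+].*/, "", b)    # drop -rc1 / +build suffixes
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# exposed_ports: read `ss -ltn` output on stdin and print every lab port
# whose listener is bound to something other than a loopback address.
exposed_ports() {
    awk -v ports="$LAB_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            addr = $4; port = $4
            sub(/.*:/, "", port)        # text after the last colon
            sub(/:[^:]*$/, "", addr)    # text before the last colon
            if (!(port in want)) next
            if (addr ~ /^127\./ || addr == "[::1]") next
            print addr ":" port
        }'
}

# Constructed `ss -ltn` output for dry runs (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096       127.0.0.1:8888      0.0.0.0:*
LISTEN 0      4096         0.0.0.0:8025      0.0.0.0:*
LISTEN 0      4096            [::]:8025         [::]:*
EOF
}

# check_lab: run both checks against the live host (needs docker-compose and ss).
check_lab() {
    have=$(docker-compose version --short) || return 2
    version_ge "$have" "$MIN_COMPOSE" || { echo "docker-compose $have < $MIN_COMPOSE"; return 1; }
    open=$(ss -ltn | exposed_ports)
    [ -z "$open" ] || { echo "reachable beyond loopback:"; echo "$open"; return 1; }
}
```

Source the file and call `check_lab` after `docker-compose ... up -d`; `sample_ss_output | exposed_ports` shows the output format without touching the host.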

Vagrant

This option allows you to run crAPI within a virtual machine, thus isolated from your system. You'll need to have Vagrant and a provider (for example, VirtualBox) installed.

  1. Clone crAPI repository
    $ git clone [REPOSITORY-URL]
    
  2. Start crAPI Virtual Machine
    $ cd deploy/vagrant && vagrant up
    
  3. Visit http://192.168.33.20

Note: All emails are sent to mailhog service and can be checked on http://192.168.33.20:8025

Once you're done playing with crAPI, you can remove it completely from your system by running the following command from the repository root directory:

$ cd deploy/vagrant && vagrant destroy

For more deployment options, visit the setup instructions.

To know more about the challenges in crAPI, visit challenges.

Troubleshooting guide for general issues while installing and running crAPI

If you need any help with installing and running crAPI, you can check out this guide: Troubleshooting guide crAPI. If this doesn't solve your problem, please create an issue in GitHub Issues.