The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.

AWS API Gateway Security Deep dive

Automated API security testing

The GenAI API Pentest Platform is a API security testing tool that leverages multiple Large Language Models (LLMs) to perform intelligent, context-aware API security assessments. Unlike traditional tools that rely on pattern matching, this platform uses AI to understand logic, predict vulnerabilities, and generate sophisticated attack scenario.

🚀 Transform cto.new API into a fully compatible OpenAI format with enginelabs-2api, a lightweight and efficient proxy service for seamless integration.

A Burp Suite extension that automatically categorizes HTTP requests from proxy history based on user-defined keywords.

PDF Extractor API is a FastAPI project for extracting information from PDFs. It includes user authentication, PDF uploading, and text extraction. The API supports secure PDF uploads, keyword-based extraction, and rate limiting.

An integrated tool to detect, fingerprint, and explore GraphQL endpoints.

Hands-on secure code review training: learn to find vulnerabilities in Flask, Django, FastAPI through production-quality examples. Whitebox pentesting for modern web frameworks.

Swagger/OpenAPI/WSDL/SOAP 接口 Fuzz 工具， —— 面向 API 安全测试的轻量化命令行工具。

This repository is a collection of highly optimized API templates designed to help developers quickly build efficient, scalable, and secure APIs for various purposes. Whether you're building a simple CRUD application, an authentication system, or a complex microservice architecture, you'll find reusable templates that follow industry best practices

This package facilitates the way of API Signing in Django projects.

FastAPI-based backend API for managing users and orders with JWT authentication, role-based access control, and PostgreSQL integration.

FastAPI rate limiter for LLM APIs with hierarchical token buckets

Sasha - Advanced Security Analysis Tool A modular, automated security analysis tool designed for app developers, penetration testers, and cybersecurity professionals. Sasha detects vulnerabilities in applications, APIs, and infrastructure while providing detailed risk assessment reports. Its modular architecture ensures extensibility

Security-focused REST API built with FastAPI, demonstrating JWT authentication, RBAC, rate limiting, account lockout, and audit logging following OWASP best practices.

Quickstart Approov integration example for the Python FastAPI framework

A secure and scalable Django REST API for restaurant management — built with Django REST Framework, MySQL, and JWT authentication as part of the Meta Backend Developer Capstone.

This a very simple Python Flask server used for the Approov Live Demo.

This Proof of Concept (PoC) demonstrates the implementation of an end-to-end API security framework applied to a fintech transactional use case. It aims to showcase how multiple security frameworks (OWASP, PCI DSS, ISO 27001, NIST 800-204A, GDPR) can be applied coherently in a modern microservices architecture.