Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

This challenge is Inon Shkedy's 31 days API Security Tips.

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure

An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

A Huge Learning Resources with Labs For Offensive Security Players

APIKit：Discovery, Scan and Audit APIs Toolkit All In One.

Organize your API security assessment by using MindAPI. It's free and open for community collaboration.

Industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF.

some examples that show basic and more advanced implementations of oauth2 authorization mechanism in spring-cloud microservices environment

Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.

Metlo is an open-source API security platform.

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.

Hunt every Endpoint in your code, expose Shadow APIs, map the Attack Surface.

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.

🔥 A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingres Controller (based on NGINX)

An API security tool to capture and analyze API traffic, test API endpoints, reconstruct Open API specification, and identify API security risks. 

Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.