vapi

Category: collect
Development tool: HTML
File size: 0KB
Downloads: 0
Upload date: 2023-04-27 14:35:10
Uploader: sh-1993
Description: vAPI (Vulnerable Adversely Programmed Interface) is a self-hostable API that mimics OWASP API Top 10 scenarios through exercises.

File list:
CONTRIBUTING.md (582, 2023-03-14)
CONTRIBUTORS.md (1, 2023-03-14)
Dockerfile (541, 2023-03-14)
LICENSE (35149, 2023-03-14)
Resources/ (0, 2023-03-14)
Resources/API2_CredentialStuffing/ (0, 2023-03-14)
Resources/API2_CredentialStuffing/creds.csv (31725, 2023-03-14)
Resources/API3_APK/ (0, 2023-03-14)
Resources/API3_APK/TheCommentApp.apk (3940650, 2023-03-14)
composer.json (66, 2023-03-14)
composer.lock (2638, 2023-03-14)
conf/ (0, 2023-03-14)
database/ (0, 2023-03-14)
database/vapi.sql (18773, 2023-03-14)
docker-compose.yml (2404, 2023-03-14)
postman/ (0, 2023-03-14)
postman/vAPI.postman_collection.json (26079, 2023-03-14)
postman/vAPI_ENV.postman_environment.json (299, 2023-03-14)
vapi-chart/ (0, 2023-03-14)
vapi-chart/.helmignore (349, 2023-03-14)
vapi-chart/Chart.lock (220, 2023-03-14)
vapi-chart/Chart.yaml (1263, 2023-03-14)
vapi-chart/charts/ (0, 2023-03-14)
vapi-chart/charts/mysql-8.8.23.tgz (39646, 2023-03-14)
vapi-chart/templates/ (0, 2023-03-14)
vapi-chart/templates/NOTES.txt (1735, 2023-03-14)
vapi-chart/templates/_helpers.tpl (1752, 2023-03-14)
vapi-chart/templates/configmap.yaml (1218, 2023-03-14)
vapi-chart/templates/deployment.yaml (1993, 2023-03-14)
vapi-chart/templates/hpa.yaml (907, 2023-03-14)
vapi-chart/templates/ingress.yaml (2073, 2023-03-14)
vapi-chart/templates/secret.yaml (196, 2023-03-14)
vapi-chart/templates/service.yaml (352, 2023-03-14)
vapi-chart/templates/serviceaccount.yaml (314, 2023-03-14)
... ...

# vAPI [![Tweet](https://img.shields.io/twitter/url/http/shields.io.svg?style=social)](https://twitter.com/intent/tweet?text=Check%20out%20vAPI%20on%20Github!&url=https://github.com/roottusk/vapi&via=vk_tushar&hashtags=apisecurity,apitop10,owasp) [![Docker](https://img.shields.io/badge/docker-support-%2300D1D1)](https://github.com/roottusk/vapi#installation-docker) [![Build Status](https://app.travis-ci.com/roottusk/vapi.svg?branch=master)](https://app.travis-ci.com/roottusk/vapi) [![License: GPL v3](https://img.shields.io/badge/License-GPLv3-blueviolet.svg)](https://www.gnu.org/licenses/gpl-3.0) [![Version](https://img.shields.io/badge/version-v1.3-blue)](https://github.com/roottusk/vapi) [![PHP](https://img.shields.io/badge/php-7.3^-yellow)](https://github.com/roottusk/vapi) [![Laravel](https://img.shields.io/badge/Laravel-8-orange)](https://github.com/roottusk/vapi) [![Issues](https://img.shields.io/github/issues-closed/roottusk/vapi?color=%23eb3434)](https://github.com/roottusk/vapi/issues)

vAPI is Vulnerable Adversely Programmed Interface, a self-hostable API that mimics OWASP API Top 10 scenarios by way of exercises.

# Requirements

* PHP
* MySQL
* Postman
* MITM Proxy

# Installation (Docker)

```bash
docker-compose up -d
```

# Installation (Manual)

## Copying the Code

```bash
cd
```

```bash
git clone https://github.com/roottusk/vapi.git
```

## Setting up the Database

Import `vapi.sql` into the MySQL database and configure the DB credentials in `vapi/.env`.

## Starting MySQL service

Run the following command (Linux):

```bash
service mysqld start
```

## Starting Laravel Server

Go to the `vapi` directory and run:

```bash
php artisan serve
```

## Setting Up Postman

- Import `vAPI.postman_collection.json` in Postman
- Import `vAPI_ENV.postman_environment.json` in Postman

OR use the public workspace: https://www.postman.com/roottusk/workspace/vapi/

# Usage

Browse `http://localhost/vapi/` for the documentation.

After sending requests, refer to the Postman Tests or Environment for the generated tokens.

# Deployment

[Helm](https://helm.sh/) can be used to deploy to a Kubernetes namespace. The chart is in the `vapi-chart` folder.

The chart requires one secret named `vapi` with the following values:

```
DB_PASSWORD:
DB_USERNAME:
```

Sample Helm install command:

`helm upgrade --install vapi ./vapi-chart --values=./vapi-chart/values.yaml`

*** Important ***

The MYSQL_ROOT_PASSWORD on line 232 in the `values.yaml` must match that on line 184 in order to work.
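As an added example that is not part of the vAPI repository, this is one way to create the `vapi` secret the chart expects before running the Helm command above; the namespace and the credential values are placeholders to be replaced with your own.

```yaml
# Added example, not from the vAPI repository. It creates the Secret the
# chart looks up by name (`vapi`) with the two keys it requires, so that
# database credentials stay out of values.yaml and out of version control.
# Apply with:  kubectl apply -n <NAMESPACE> -f vapi-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: vapi                 # must match the secret name the chart expects
type: Opaque
stringData:                  # plain text here; stored base64-encoded by the API server
  DB_USERNAME: "<DB-USERNAME-PLACEHOLDER>"
  DB_PASSWORD: "<DB-PASSWORD-PLACEHOLDER>"
```

Check that both keys are present with `kubectl get secret vapi -n <NAMESPACE> -o jsonpath='{.data}'` before running the Helm command.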
# Presented At

* [OWASP 20th Anniversary](https://owasp20thanniversaryevent20.sched.com/event/ll1k)
* [Blackhat Europe 2021 Arsenal](https://www.youtube.com/watch?v=7_Q5Rlm7Too)
* [HITB Cyberweek 2021, Abu Dhabi, UAE](https://cyberweek.ae/2021/hitb-armory/)
* [@Hack, Riyadh, KSA](https://athack.com/speakers?keys=Tushar)

# Upcoming

* [APISecure.co](https://apisecure.co/)

# Mentions and References

[1] https://apisecurity.io/issue-132-experian-api-leak-breaches-digitalocean-geico-burp-plugins-vapi-lab/
[2] https://dsopas.github.io/MindAPI/references/
[3] https://dzone.com/articles/api-security-weekly-issue-132
[4] https://owasp.org/www-project-vulnerable-web-applications-directory/
[5] https://github.com/arainho/awesome-api-security
[6] https://portswigger.net/daily-swig/introducing-vapi-an-open-source-lab-environment-to-learn-about-api-security
[7] https://apisecurity.io/issue-169-insecure-api-wordpress-plugin-tesla-3rd-party-vulnerability-introducing-vapi/

# Walkthroughs/Writeups/Videos

[1] https://cyc0rpion.medium.com/exploiting-owasp-top-10-api-vulnerabilities-fb9d4b1dd471 (vAPI 1.0 Writeup)
[2] https://www.youtube.com/watch?v=0F5opL_c5-4&list=PLT1Gj1RmR7vqHK60qS5bpNUeivz4yhmbS (Turkish Language) (vAPI 1.1 Walkthrough)
[3] https://medium.com/@jyotiagarwal3190/roottusk-vapi-writeup-341ec99879c (vAPI 1.1 Writeup)

# Acknowledgements

* The icon and banner use an image from [Flaticon](https://www.flaticon.com/free-icon/bug_190835)
