vAPI : Vulnerable Adversely Programmed Interface (OWASP API Top 10)


Authors:   Tushar Kulkarni


Abstract:We have seen developers move from traditional 2 tier application architecture to a 3 tier architecture which involves an API talking to front end and backend services.The API used or developed might ease the development process but a lot of vulnerabilities can come up if not developed or configured properly. vAPI is a Vulnerable Interface in a Lab like environment that mimics the scenarios from OWASP API Top 10 and helps the user understand and exploit the vulnerabilities according to OWASP API Top 10 2019.It might be useful for Developers as well as Penetration Testers to understand the type of vulnerabilities in APIs. The lab is divided into 10 exercises that sequentially demonstrate the vulnerabilities and give a flag if exploited successfully.