vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios in the means of Exercises.
- PHP
- MySQL
- PostMan
- MITM Proxy
docker-compose up -dYou can clone new code but may need to run the following for a fresh spin before running docker-compose
docker rm -f $(docker ps -a -q)
docker volume rm $(docker volume ls -q)cd <your-hosting-directory>git clone https://github.com/roottusk/vapi.gitImport vapi.sql into MySQL Database
Configure the DB Credentials in the vapi/.env
Run following command (Linux)
service mysqld startGo to vapi directory and Run
php artisan serve- Import
vAPI.postman_collection.jsonin Postman - Import
vAPI_ENV.postman_environment.jsonin Postman
OR
Use Public Workspace
https://www.postman.com/roottusk/workspace/vapi/
Browse http://localhost/vapi/ for Documentation
After Sending requests, refer to the Postman Tests or Environment for Generated Tokens
HITB Cyberweek 2021, Abu Dhabi, UAE
[2] https://dsopas.github.io/MindAPI/references/
[5] https://github.com/arainho/awesome-api-security
[2] https://www.youtube.com/watch?v=0F5opL_c5-4&list=PLT1Gj1RmR7vqHK60qS5bpNUeivz4yhmbS (Turkish Language)
- The icon and banner uses image from Flaticon
