akto
                        Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure
💭 Introduction: Report: CSRF on /api/graphql allows executing mutations through GET requests https://0xn3va.gitbook.io/cheat-sheets/web-application/graphql-vulnerabilities#bypass-of-csrf-protection 🎯 Requirements: 1. Filters - The test should run only for GraphQL-related endpoints. eg [here](https://github.com/akto-api-security/tests-library/blob/master/Security-Misconfiguration/GraphqlTypeIntrospectionAllowed.yaml#L31) 2. Execute -...
💭 Introduction: 🎯 Requirements: ✅ Task summary: 🙋🏼♂️ Questions: If you have questions, need any help, or just want to hang out, make sure to join us on our [Discord...
💭 Introduction: add tests to find signatures for common servers such as Apache, Django, Flask, Struts, Spring Boot, etc. 📚 Reading You can find a detailed documentation of test editor rules...
💭 Introduction: test to exploit invalid access control on APIs if API responses are cached 📚 Reading You can find a detailed documentation of test editor rules [here](https://docs.akto.io/test-editor/test-yaml-syntax-detailed) Find 100+...
💭 Introduction This task involves using Akto to run tests on vulnerable apps like juice-shop, rest-api-goat etc. Users can view the test results and check the vulnerabilities. You can also...
💭 Introduction: https://0xn3va.gitbook.io/cheat-sheets/web-application/graphql-vulnerabilities#bypass-of-rate-limits 📚 Reading You can find a detailed documentation of test editor rules [here](https://docs.akto.io/test-editor/test-yaml-syntax-detailed) Find 100+ examples of YAML tests [here](https://github.com/akto-api-security/tests-library) ✅ Task summary: - [ ] Ask...
# 💭 Introduction Akto allows users to find sensitive params in request and response of APIs. These sensitive params include PII data such as SSN, Credit card number, phone number...
💭 Introduction: https://wundergraph.com/blog/the_complete_graphql_security_guide_fixing_the_13_most_common_graphql_vulnerabilities_to_make_your_api_production_ready#8.-relay-global-object-identification-vulnerability 📚 Reading You can find a detailed documentation of test editor rules [here](https://docs.akto.io/test-editor/test-yaml-syntax-detailed) Find 100+ examples of YAML tests [here](https://github.com/akto-api-security/tests-library) ✅ Task summary: - [ ] Ask...
# 💭 Introduction Akto is an open source API security product. Your task is to write a blog post about testing for BOLA using Akto. ### 🎯 Requirements - Your...