Roshan Piyush
Will need to update the API spec as well, which doesn't contain some of the APIs. We need to automate API spec validation based on the Postman collection.
There are hidden APIs that are not documented. Part of the challenge which should remain hidden IMO.
One API that I see missing is get specific order workflow, i.e. order/order-id. Others, please audit the flow from the UI to validate and update both the Postman collection and api...
Sure. We will be taking this up shortly to document various ways to solutions. Hints and detailed solutions.
To showcase an unsecured and unencrypted gRPC channel, it would be best to convert the existing Go service to gRPC. This would showcase how API vulnerabilities are independent of the framework used.
Thank you for reporting the issue. It's a typo. Will sort this out.
Seems your CPU doesn't support MongoDB version 5. You can change the version to 4.4 in the compose file. Please do remember to clean the container and mongodb **volume**...
Not yet. We can add a CTF mode for sure.
That's the indirect command injection in crAPI. We can for sure enhance in that direction. Since this is a GET request, maybe provide a query param as conversion param in the...
Can you please provide the container logs and the compose file used?