vAPI (Vulnerable Adversely Programmed Interface) is a self-hostable API that mimics OWASP API Top 10 scenarios in the form of exercises.

Requirements
PHP
MySQL
PostMan
MITM Proxy

Copying the Code
Setting up the Database
Import vapi.sql into the MySQL database.
Configure the DB credentials in vapi/.env.
Starting MySQL service
Run the following command (Linux):
Starting Laravel Server
Go to the vapi directory and run:
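The local setup above as one script, added here as an example and not part of the vAPI README. It assumes the checkout lives in ./vapi, that vapi/.env uses Laravel's standard DB_DATABASE, DB_USERNAME and DB_PASSWORD keys, and that the MySQL service and the Laravel development server are started with `service mysql start` and `php artisan serve` (the README's own commands are not reproduced on this page, so these are assumptions). The password is handed to mysql through MYSQL_PWD instead of `-p<password>` so it does not appear in the process list.

```shell
#!/bin/bash
# Added example, not from the vAPI repository.
# Assumptions: checkout in ./vapi, Laravel-style .env keys, Linux service manager.
set -eu

# Replace an existing KEY=value line in a .env file, or append it if missing.
# Uses '|' as the sed delimiter; values containing '|' or '&' would need escaping.
set_env_var() {
  local env_file=$1 key=$2 value=$3
  if grep -q "^${key}=" "$env_file"; then
    sed -i "s|^${key}=.*|${key}=${value}|" "$env_file"
  else
    printf '%s=%s\n' "$key" "$value" >> "$env_file"
  fi
}

# Read KEY from a .env file (prints an empty string if the key is absent).
get_env_var() {
  local env_file=$1 key=$2
  sed -n "s/^${key}=//p" "$env_file" | head -n 1
}

# Write the three DB credentials the README says must be configured in vapi/.env.
configure_env() {
  local env_file=$1 db=$2 user=$3 pass=$4
  set_env_var "$env_file" DB_DATABASE "$db"
  set_env_var "$env_file" DB_USERNAME "$user"
  set_env_var "$env_file" DB_PASSWORD "$pass"
}

# Full procedure: configure .env, start MySQL, import vapi.sql, start Laravel.
# Needs a live MySQL and the vAPI checkout, so it only runs when asked for.
run_setup() {
  local dir=$1 db=$2 user=$3 pass=$4
  configure_env "$dir/.env" "$db" "$user" "$pass"
  sudo service mysql start
  # MYSQL_PWD keeps the password out of `ps` output; -p"$pass" would not.
  MYSQL_PWD="$pass" mysql -u "$user" "$db" < "$dir/vapi.sql"
  (cd "$dir" && php artisan serve)
}

# Usage: ./setup.sh run [dir] [database] [username] [password]
if [ "${1:-}" = "run" ]; then
  run_setup "${2:-./vapi}" "${3:-vapi}" "${4:-vapi}" "${5:-}"
fi
```

Run it as `./setup.sh run ./vapi vapi vapi_user 's3cret'`; without the `run` argument it only defines the functions, so `configure_env` can be reused on its own to rewrite credentials without re-importing the schema.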
Setting Up Postman
Import vAPI.postman_collection.json in Postman
Import vAPI_ENV.postman_environment.json in Postman
OR
Use Public Workspace
https://www.postman.com/roottusk/workspace/vapi/
Browse http://localhost/vapi/ for the documentation.
After sending requests, refer to the Postman Tests or Environment for the generated tokens.
Helm can be used to deploy vAPI to a Kubernetes namespace. The chart is in the vapi-chart folder and requires one secret named vapi with the following values:
DB_USERNAME: <database username to use>
DB_PASSWORD: <database password to use>
Sample Helm Install Command: helm upgrade --install vapi ./vapi-chart --values=./vapi-chart/values.yaml
*** Important ***
The MYSQL_ROOT_PASSWORD on line 232 of values.yaml must match the value on line 184, otherwise the deployment will not work.
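The Helm deployment as a script, added here as an example and not the chart's own tooling. It creates the vapi secret with kubectl and, instead of comparing two hard-coded line numbers, checks that every MYSQL_ROOT_PASSWORD entry in values.yaml carries the same value, which generalises the line 232 / line 184 rule above. It assumes the key appears as `MYSQL_ROOT_PASSWORD: <value>` YAML mappings (the chart's exact layout is not shown on this page), that kubectl and helm are on PATH, and that the target namespace already exists; the namespace name `vapi` is a placeholder.

```shell
#!/bin/bash
# Added example, not part of the vapi-chart.
# Assumption: values.yaml holds the root password as 'MYSQL_ROOT_PASSWORD: <value>' lines.
set -eu

# Succeeds only if MYSQL_ROOT_PASSWORD occurs at least once in the values file
# and every occurrence has the same value (quotes around the value are ignored).
mysql_root_password_consistent() {
  local values_file=$1 distinct
  distinct=$(grep -E '^[[:space:]]*(- )?MYSQL_ROOT_PASSWORD:' "$values_file" \
    | sed -E 's/^[^:]*:[[:space:]]*//' \
    | tr -d "\"'" \
    | sort -u | wc -l | tr -d ' ')
  [ "$distinct" -eq 1 ]
}

# Create or update the 'vapi' secret the chart reads DB_USERNAME/DB_PASSWORD from.
# Rendering with --dry-run=client and piping into apply makes this idempotent.
create_vapi_secret() {
  local namespace=$1 user=$2 pass=$3
  kubectl -n "$namespace" create secret generic vapi \
    --from-literal=DB_USERNAME="$user" \
    --from-literal=DB_PASSWORD="$pass" \
    --dry-run=client -o yaml | kubectl -n "$namespace" apply -f -
}

# Guard, secret, then the README's install command scoped to the namespace.
deploy_vapi() {
  local namespace=$1 user=$2 pass=$3
  mysql_root_password_consistent ./vapi-chart/values.yaml \
    || { echo "MYSQL_ROOT_PASSWORD values in vapi-chart/values.yaml differ" >&2; return 1; }
  create_vapi_secret "$namespace" "$user" "$pass"
  helm -n "$namespace" upgrade --install vapi ./vapi-chart --values=./vapi-chart/values.yaml
}

# Usage: ./deploy.sh deploy [namespace] [db username] <db password>
if [ "${1:-}" = "deploy" ]; then
  deploy_vapi "${2:-vapi}" "${3:-vapi}" "${4:?database password required}"
fi
```

The consistency check is deliberately stricter than the README's rule: if the chart ever grows a third copy of the password, it is caught as well. It also fails when the key is missing entirely, so a values file with the wrong layout is reported rather than silently passed.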
HITB Cyberweek 2021, Abu Dhabi, UAE
[2] https://dsopas.github.io/MindAPI/references/
[3] https://dzone.com/articles/api-security-weekly-issue-132
[4] https://owasp.org/www-project-vulnerable-web-applications-directory/
[5] https://github.com/arainho/awesome-api-security
[1] https://cyc0rpion.medium.com/exploiting-owasp-top-10-api-vulnerabilities-fb9d4b1dd471 (vAPI 1.0 Writeup)
[2] https://www.youtube.com/watch?v=0F5opL_c5-4&list=PLT1Gj1RmR7vqHK60qS5bpNUeivz4yhmbS (Turkish Language) (vAPI 1.1 Walkthrough)
[3] https://medium.com/@jyotiagarwal3190/roottusk-vapi-writeup-341ec99879c (vAPI 1.1 Writeup)
The icon and banner use an image from Flaticon.