API Security with crAPI vulnerable lab Part 1
System Weakness - Medium systemweakness.com
crAPI is a purposely vulnerable API designed to showcase the common API security vulnerabilities outlined in the OWASP API Top 10.
To deploy crAPI locally
Step 1
Step 2
Step 3
Step 4
Excellent, let’s begin our task now.
Exploiting API Authorization
Challenge 1 — Access details of another user’s vehicle
BOLA Example:
There are two API endpoints:
- “/identity/api/v2/vehicle/carA/location”
- “/identity/api/v2/vehicle/carB/location”
The system has a BOLA (Broken Object …