all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

API Security with crAPI vulnerable lab Part 1

Add to bookmarks
April 11, 2023, 12:25 p.m. | Kushanmaduranga

System Weakness - Medium systemweakness.com

CrAPI is a purposely vulnerable API that is designed to showcase common API security vulnerabilities outlined in the OWASP API Top 10.

To Deploy crAPI locally

Step 1

Installing docker.io package

Step 2

Installing docker Compose

Step3

To clone crAPI

Step4

Excellent, let’s begin our task now.

Exploiting API Authorization

Challenge 1 — Access details of another user’s vehicle

BOLA Example:

There are two API endpoints:

  • “/identity/api/v2/vehicle/carA/location”
  • “/identity/api/v2/vehicle/carB/location”

The system has a BOLA (Broken Object …

access api api security authorization bola broken object level authorization crapi docker endpoints exploiting hacking identity information lab location object owasp owasp api owasp api top 10 security system task top 10 vehicle vulnerabilities vulnerability vulnerable vulnerable api

Visit resource

More from systemweakness.com / System Weakness - Medium

IDOR Attacks Demystified: How They Work and How to Prevent Them 7 hours ago | systemweakness.com
attacks business compromise confidentiality +13
How does Single Sign-on (SSO) interact with Active Directory (AD) and Outlook? 7 hours ago | systemweakness.com
access active directory applications authentication +15
OSI Model & TCP/IP Comparison 7 hours ago | systemweakness.com
access communication deals frameworks +14
First AD home lab 1 day, 4 hours ago | systemweakness.com
access active directory building can +17
3 Steps to protect yourself from Prompt Injection 1 day, 4 hours ago | systemweakness.com
prompt-engineering prompt injection security
Clocky | TryHackMe Write-up 2 days, 2 hours ago | systemweakness.com
ctf ctf-writeup tryhackme tryhackme-walkthrough +1
Bypassing Aquatone’s lack of ability to take screenshots of private websites 2 days, 2 hours ago | systemweakness.com
automation cybersecurity hacking pentesting +1
Tuesday Morning Threat Report: Apr 30, 2024 2 days, 2 hours ago | systemweakness.com
analysis artificial intelligence bad customers +21
Staying Anonymous — Ethical Hacking as a Beginner [09] 2 days, 2 hours ago | systemweakness.com
anonymous beginner communication cybersecurity +22

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Intern, Cyber Security Vulnerability Management

@ Grab | Petaling Jaya, Malaysia
View on infosec-jobs.com

Compliance - Global Privacy Office - Associate - Bengaluru

@ Goldman Sachs | Bengaluru, Karnataka, India
View on infosec-jobs.com

Cyber Security Engineer (m/w/d) Operational Technology

@ MAN Energy Solutions | Oberhausen, DE, 46145
View on infosec-jobs.com

Armed Security Officer - Hospital

@ Allied Universal | Sun Valley, CA, United States
View on infosec-jobs.com

Governance, Risk and Compliance Officer (Africa)

@ dLocal | Lagos (Remote)
View on infosec-jobs.com

Junior Cloud DevSecOps Network Engineer

@ Accenture Federal Services | Arlington, VA
View on infosec-jobs.com
View more jobs