    Awesome API Security

    A collection of awesome API security tools and resources with focus on open-source tools, including OWASP API Security Project guidelines and testing frameworks.

    Information

    Website: github.com
    Published: Mar 18, 2026

    Categories

    Security

    Tags

    #api-security #owasp #security-testing

    Similar Products

    Awesome Network Protocol Fuzzing

    A list of curated papers and tools focusing on network protocol fuzzing for discovering vulnerabilities, testing implementations, and improving protocol security.

    Awesome API Security Essentials

    Awesome API Security - A curated collection of resources for bulletproof API protection, providing developers with comprehensive security measures and best practices.

    Awesome GraphQL Security

    A curated list of awesome GraphQL security frameworks, libraries, software, and resources for securing GraphQL APIs and applications.

    Awesome CloudSec Labs

    Awesome free cloud native security learning labs including CTF challenges, self-hosted workshops, guided vulnerability labs, and cloud security research environments.

    Awesome Homomorphic Encryption

    A curated list of libraries, software, papers, and resources for Homomorphic Encryption (HE), enabling computation on encrypted data without decryption for privacy-preserving applications.

    Awesome Cloud Security

    Awesome curated list of cloud security resources including penetration testing tools for Cloud Security, mainly covering AWS, Azure, and Google Cloud Platform security assessment and hardening.

    Overview

    Awesome API Security collects tools and resources for securing APIs, with preference for open-source tools and community editions that benefit everyone.

    OWASP API Security Top 10

    1. Broken Object Level Authorization
    2. Broken Authentication
    3. Broken Object Property Level Authorization
    4. Unrestricted Resource Consumption
    5. Broken Function Level Authorization
    6. Unrestricted Access to Sensitive Business Flows
    7. Server Side Request Forgery
    8. Security Misconfiguration
    9. Improper Inventory Management
    10. Unsafe Consumption of APIs

    Security Testing Tools

    Open Source

    • OWASP ZAP: Web application security scanner
    • Postman: API testing with security checks
    • Burp Suite Community: Intercept and modify requests
    • Nuclei: Fast vulnerability scanner

    API-Specific

    • API Security Testing tools: Automated security testing
    • Astra: REST API penetration testing
    • REST-Attacker: Security testing framework

    Authentication & Authorization

    OAuth 2.0 & OpenID Connect

    • Secure implementation patterns
    • Common vulnerabilities
    • Token management

    JWT Security

    • Proper signature verification
    • Token expiration
    • Secure secret management
    • Algorithm confusion attacks

    API Keys

    • Rotation policies
    • Secure storage
    • Rate limiting
    • Scope restrictions

    Input Validation

    • Schema validation
    • Type checking
    • Range validation
    • Format verification
    • SQL injection prevention
    • NoSQL injection prevention

    Rate Limiting & Throttling

    • Per-user limits
    • IP-based limiting
    • Endpoint-specific rates
    • Distributed rate limiting

    Security Headers

    • CORS configuration
    • Content Security Policy
    • X-Content-Type-Options
    • Strict-Transport-Security

    Monitoring & Logging

    • Security event logging
    • Anomaly detection
    • API abuse detection
    • Audit trails

    Best Practices

    • Always use HTTPS/TLS
    • Implement proper authentication
    • Validate all inputs
    • Use rate limiting
    • Log security events
    • Keep software updated
    • Follow OWASP guidelines
    • Regular security audits

    Security as Code

    • API security in CI/CD
    • Automated scanning
    • Policy enforcement
    • Infrastructure as code security

    Compliance

    • GDPR considerations
    • PCI DSS for payments
    • HIPAA for healthcare
    • SOC 2 requirements