VAmPISecurityTests with Python and pytest
Pytest program to test VAmPI (https://github.com/erev0s/VAmPI), a vulnerable REST API with OWASP Top 10 vulnerabilities:
- SQL Injection https://erev0s.com/blog/vampi-vulnerable-api-security-testing/#sql-injection
- Unauthorized password change https://erev0s.com/blog/vampi-vulnerable-api-security-testing/#unauthorized-password-change
- Mass Assignment https://erev0s.com/blog/vampi-vulnerable-api-security-testing/#mass-assignment
- Excessive data exposure https://erev0s.com/blog/vampi-vulnerable-api-security-testing/#excessive-data-exposure
- User and Password Enumeration https://erev0s.com/blog/vampi-vulnerable-api-security-testing/#user-and-password-enumeration
- Rate Limiting https://erev0s.com/blog/vampi-vulnerable-api-security-testing/#lack-of-resources-amp-rate-limiting
- RegexDOS (Denial of service) https://erev0s.com/blog/vampi-vulnerable-api-security-testing/#regexdos-denial-of-service
- Broken Object Level Authorization https://erev0s.com/blog/vampi-vulnerable-api-security-testing/#broken-object-level-authorization
Setup:
- Install pytest: "pip3 install -U pytest"
- Clone VAmPI.
- Inside the VAmPI folder, run "docker build -t vampi_docker:latest ." as per its instructions.
- Inside the VAmPI folder, run "docker compose up -d".
- This will start VAmPI on port 5002 as vulnerable and on port 5001 as secure.
- Change the port variable inside test_VAmPISecurityTests.py as you wish in order to experiment with either instance.
Run with: "pytest test_VAmPISecurityTests.py --verbose -s"
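
A response check of the kind a suite like this can make for the excessive data exposure item, as an added example that is not code from this repository. The helper names, the sensitive-key list and the sample bodies are assumptions constructed for illustration; only the two ports come from the steps above.

```python
import json
import urllib.request

# Ports from the setup steps: 5002 = vulnerable instance, 5001 = secure instance.
VULNERABLE_PORT, SECURE_PORT = 5002, 5001

# Assumed key names that a user listing should never return to a client.
SENSITIVE_KEYS = {"password", "passwd", "secret", "token"}


def fetch_json(port, path, host="127.0.0.1", timeout=5):
    """GET http://host:port<path> and parse the JSON body (needs a running instance)."""
    with urllib.request.urlopen(f"http://{host}:{port}{path}", timeout=timeout) as resp:
        return json.load(resp)


def exposed_fields(payload, prefix=""):
    """Recursively collect the paths of sensitive keys in a parsed JSON body."""
    found = []
    if isinstance(payload, dict):
        for key, value in payload.items():
            path = f"{prefix}.{key}" if prefix else key
            if key.lower() in SENSITIVE_KEYS:
                found.append(path)
            found.extend(exposed_fields(value, path))
    elif isinstance(payload, list):
        for index, item in enumerate(payload):
            found.extend(exposed_fields(item, f"{prefix}[{index}]"))
    return found


# Constructed sample bodies (not captured from VAmPI) for the two cases.
LEAKY_BODY = {"users": [{"username": "name1", "email": "mail1@example.com",
                         "password": "pass1"}]}
CLEAN_BODY = {"users": [{"username": "name1", "email": "mail1@example.com"}]}


def test_leaky_listing_is_flagged():
    assert exposed_fields(LEAKY_BODY) == ["users[0].password"]


def test_clean_listing_passes():
    assert exposed_fields(CLEAN_BODY) == []

# Against a live instance: exposed_fields(fetch_json(SECURE_PORT, path)) == []
# where `path` is the listing route under test (placeholder, not given here).
```

Running the same assertion against both ports turns the vulnerable/secure pair into a regression check: the secure instance must return an empty list.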