Check your WAF before an attacker does

Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.

API Security Vulnerability Scanner designed to help you secure your APIs.

Automated API security testing

Community generated list of API security tests to find OWASP top10, HackerOne top 10 vulnerabilities

GitHub action to run Traceable Active Security Testing in GitHub workflows

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.

A community-driven list of custom Escape rules. Test your API security with rules that automatically adapt for you.

A RESTful API brute-forcing tool in Go for ethical hacking practice. **Gobrute** is built for testing login passwords with multithreading, progress tracking, and customizable payloads, ideal for controlled environments like OWASP Juice Shop.

An intelligent web-proxy that monitors API requests of a web application and detects API security vulnerabilities automatically.

OWASP-Top-10-Security-Vulnerabilities-With-Node.js