Harish Nataraj

Making Security Fun for Developers

Developers do care about security

Developers want to do the right thing for security. The real challenge is that they do not understand what that “right thing” is.

Developers are naturally curious and tend to reason from principles and cause and effect. They will readily do the “right thing” when application security issues are presented in a format that matches how they absorb information.

OWASP crAPI aims to make security fun

OWASP crAPI is a vulnerable demo application from the OWASP Foundation that makes learning about API security fun for developers.

crAPI stands for Completely Ridiculous API, and is built on a modern API- and microservices-based architecture. Corey Ball, author of Hacking APIs, refers to crAPI extensively in his lab exercises.


Levo gives crAPI a facelift

We at Levo.ai have made a number of improvements to the original crAPI, leading to a much better learning experience. Below is a summary of these improvements.

Fast Install & Startup

As part of the quick start, we offer a single pre-built Docker container that gives you instant access to crAPI on your laptop.

Full OpenAPI Specifications

crAPI now has an embedded API explorer with full OpenAPI 3.x specifications for all its endpoints. You can invoke these APIs directly from this interface and elicit responses.

Pre-populated user accounts & data

User accounts and related data have been pre-populated for rapid access to crAPI.


User Roles for Privilege Escalation Exercises

crAPI’s APIs now have clearly defined roles. This is critical for learning about privilege escalation and abuse.

HackPad

Embedded within crAPI is a HackPad interface that allows you to interactively hack crAPI’s APIs and learn more about API vulnerabilities.

Improved Documentation

The documentation has been spruced up for quick access to important information.

Stay tuned for the hacking APIs series

We will be posting a series of articles on hacking crAPI’s APIs. In the meantime, we encourage you to take crAPI for a spin on your laptop.

If you prefer to try a fully hosted version of crAPI, sign up for a forever-free account and experience crAPI via Levo SaaS.
