Developers want to do the right thing for security. The real challenge is that they do not understand what that “right thing” is.
Developers are naturally curious and tend to reason from principles and causes. They will readily do the “right thing” when application security issues are presented in a format that matches how they absorb information.
OWASP crAPI is a deliberately vulnerable demo application from the OWASP Foundation that makes learning about API security fun for developers.
We at Levo.ai have made a number of improvements to the original crAPI, leading to a much better learning experience. Below is a summary of these improvements.
As part of the quick start, we offer a single pre-built Docker container that gets you instant access to crAPI on your laptop.
crAPI now has an embedded API explorer with full OpenAPI 3.x specifications for all its endpoints. You can invoke these APIs directly from this interface and inspect their responses.
User accounts and related data have been pre-populated for rapid access to crAPI.
crAPI’s APIs now have clearly defined roles. This is critical for learning about privilege escalation and abuse.
Embedded within crAPI is a HackPad interface that allows you to interactively hack crAPI’s APIs and learn more about API vulnerabilities.
The documentation has been spruced up for quick access to important information.
We will be posting a series of articles on hacking crAPI’s APIs. In the meantime, we encourage you to take crAPI for a spin on your laptop.
If you prefer to try a fully hosted version of crAPI, sign up for a forever-free account and experience crAPI via Levo SaaS.