OWASP / API-Security

OWASP API Security Project
https://owasp.org/www-project-api-security/
Other
2.07k stars 377 forks source link

Information about tools and payloads #17

Open IgorSasovets opened 5 years ago

IgorSasovets commented 5 years ago

Hi, team! Thanks for the great project. I think it would be useful to add more information about different tools that can be used to test an application and detect security issues. For example, Arachni, ZAP, Burp Suite, .etc. One more thing that would be useful for application developers, QA engineers, security experts - links or examples of possible payloads that can be used to test an application API. There is a cool repository, called PayloadAllTheThings that contains a lot of payload examples to use during a security testing process. I can provide more information about tools and useful sources if it needed.

Best regards, Ihor

PauloASilva commented 5 years ago

Hi @IgorSasovets, We plan to add a "How to Detect" sub-section for each Top 10 entry. In this new sub-section, we will add recommendations about product categories like SAST, DAST, and Code Review. Since we should keep the document vendor agnostic, there's no space for such (nice) things like Burp Suite.

I think most of your suggestions are best suited to a Cheat Sheet: please check the roadmap.

Cheers, Paulo A. Silva

IgorSasovets commented 5 years ago

Hi, @PauloASilva !

Thanks for the answer. Then, I think, I will wait for a Cheat Sheet release and open a PR for it.

Best regards, Ihor