Burp Suite extension for API security testing with 15 attack types, 108+ payloads, intelligent fuzzing, BOLA/IDOR detection, AI integration, and automated reconnaissance. Supports REST/GraphQL/SOAP APIs with Nuclei, Turbo Intruder, and external tool integration. OWASP API Top 10 coverage.

TryHackMe walkthrough demonstrating real-world exploitation and mitigation of critical API security flaws (Mass Assignment to Logging & Monitoring).

Burp Suite extension implementing OWASP API Security Top 10 (2023) coverage on the Montoya API — active + passive scan checks with optional Burp AI integration

OWASP API Top 10 penetration testing assessment of the OpenVault Bank application using Burp Suite, OWASP ZAP, Postman, and JWT analysis.

API Security Testing Framework covering OWASP API Security Top 10 with 10 modules including BOLA, Authentication, SSRF, Injection, Rate Limiting, CORS, and Mass Assignment, generates JSON and HTML reports, and runs fully on-premises.

API security assessment against OWASP crAPI focused on OWASP API Security Top 10, BOLA, Excessive Data Exposure, authentication review, authorization testing, evidence collection, and remediation reporting.

Simulador de ataques e fuzzer automatizado para APIs RESTful. Desenvolvido em Python e Playwright para testes de segurança (AppSec) e validação de vulnerabilidades do OWASP API Security Top 10 (IDOR, Rate Limiting, Logic Fuzzing) através de especificações OpenAPI com um painel web interativo.

Complete OWASP API Top 10 2023 reference. Structured methodology, deep vulnerability analysis, and API security testing techniques. Enterprise-ready API security assessment.

Sector-aware OSINT vulnerability intelligence API. Aggregates NVD, CISA KEV and GitHub Advisories, scores each CVE per industry profile.

Practical, code-first checklist for hardening REST APIs — auth, RBAC, input validation, webhooks, SSRF. Companion to my OWASP SaaS Hardening Guide.