API Vulnerabilities Labs

The following list of open-source vulnerability labs offers resources for both beginners and experienced cybersecurity experts. These labs cover a wide variety of API vulnerabilities, from the most basic to the most complex, allowing you to gain hands-on experience in identifying, exploiting, and mitigating security flaws. For now, the list is short, so do not hesitate to contribute.

To enhance your API cybersecurity knowledge and skill set, we invite you to explore and contribute to this list of vulnerability labs:

| Lab | Vulnerability Documentation |
| --- | --- |
| Authentication Not Verified | |
| JWT Alg None Lab | JWT Alg None Documentation |
| JWT Blank Secret Lab | JWT Blank Secret Documentation |
| JWT Not Verified Lab | |
| JWT Null Signature Lab | JWT Null Signature Documentation |
| JWT Weak HMAC Secret Lab | JWT Weak HMAC Secret Documentation |
| JWT Weak RSA Key Lab | |