Evil Tester - REST API Challenges
- this is a highly structured self-study course that you can use online or run on your machine
- general API testing
- slightly gamified approach; it tracks your progress
- form your own study group and do this together
Bankground API
- general API testing, REST and GraphQL APIs
- self-guided course, no feedback on progress
Damn Vulnerable Web Application
- recommended to use as a local VM
- written in PHP
- web service with XML-related vulnerabilities
- written in Node.js
Exploring Service APIs through Automation
- the course is taught using Postman, but all of these tasks can be done in SoapUI
- uses the restfulbooker API
- focus on using the POISED API test heuristic (Parameters, Output, Interop, Security, Errors, and Data)
- security, REST API
OWASP WebGoat
- security, full stack webapp with SOAP web service
- structured guided study
OWASP Juice Shop
- security, full stack JS webapp
- a vulnerable REST API using OpenAPI v3
- written in Python
- has an "on/off" vulnerable mode
- general API testing, REST API
Shield Right - Protecting the API at runtime