Skip to content

API Vulnerabilities Labs

The following list of Open Source vulnerability labs offers resources for both beginners and experienced cybersecurity experts. These labs tends to cover a wide variety of API vulnerabilities, from the most basic to the most complex, allowing you to gain hands-on experience in identifying, exploiting, and mitigating security flaws. For now, this list is not so large but do not hesitate to contribute.

To enhance your API cybersecurity knowledge and skill set, we invite you to explore and contribute to this list of vulnerabilities labs:

LabVulnerability Documentation
Authentication Not Verified
JWT Alg None LabJWT Alg None Documentation
JWT Blank Secret LabJWT Blank Secret Documentation
JWT Not Verified Lab
JWT Null Signature LabJWT Null Signature Documentation
JWT Weak HMAC Secret LabJWT Weak HMAC Secret Documentation
JWT Weak RSA Key Lab