
An intentionally vulnerable API service designed for learning and training purposes, dedicated to developers, ethical hackers and security engineers. The idea of the project is to provide an environment that can be easily extended with new vulnerable endpoints and mechanisms that could be used in trainings for detecting and exploiting identified vulnerabilities.

It's a training playground:

For Developers – engage in a dedicated game where you will identify and fix vulnerabilities interactively.

For Ethical Hackers – exploit vulnerabilities manually or use automated tools. Treat it as a CTF challenge: you can start from a low-privileged API user and escalate to the root user. There is one path to achieve this. API docs are provided to facilitate your hacking adventure.

For Security Engineers – utilise various security automation tools such as SAST, DAST, IaC, etc., to test vulnerability detection mechanisms.

🏆 Hall of Fame

Participants who were able to complete this challenge are listed in the Hall of Fame. Submit your solution and become one of them! Solutions and walkthroughs published before 14.11.2024 may refer to the version available in the linked commit.

🚀 Starting the Game

The application can be launched locally in two alternative ways: Developers can play an interactive game where they will investigate and fix vulnerabilities, or Ethical Hackers can identify and exploit vulnerabilities. Furthermore, GitHub Codespaces can be used to run the application easily without a…
poc-devsecops

