🚀 Join us for 30days of daily API security tests. #30days30tests We've spent last 120days building amazing API security tests for the community. Next 30 days we will post test tutorials here.
-
Updated
May 22, 2023
#
bola
Here are 6 public repositories matching this topic...
Burp Suite extension for API security testing with 15 attack types, 108+ payloads, intelligent fuzzing, BOLA/IDOR detection, AI integration, and automated reconnaissance. Supports REST/GraphQL/SOAP APIs with Nuclei, Turbo Intruder, and external tool integration. OWASP API Top 10 coverage.
graphql jwt xss penetration-testing fuzzing sql-injection nuclei api-testing burp-extensions vulnerability-scanner security-testing api-security ai-security idor burp-suite turbo-intruder bola owasp-api-top-10 burp-intruder
-
Updated
Dec 30, 2025 - Python
Community generated list of API security tests to find OWASP top10, HackerOne top 10 vulnerabilities
security hacktoberfest hackerone owasp-top-10 security-testing broken-authentication broken-authorization hacktoberfest2023 api-security-testing bola api-misconfigutation
-
Updated
Mar 2, 2026
Advanced security research lab on BOLA (CWE-285) and IDOR in RESTful architectures. Features a Flask-based API gateway and a Python-engineered exploit engine demonstrating Account Takeover (ATO) via JSON payload manipulation. Includes enterprise remediation strategies using cryptographically signed session claims and server-side authorization.
appsec python-security owasp-top-10 account-takeover api-security idor broken-authorization bola cybersecurity-portfolio rest-api-exploit
-
Updated
Feb 25, 2026 - Python
API security assessment of OWASP Juice Shop with report, BOLA/IDOR PoCs, and remediation.
-
Updated
Aug 16, 2025
Improve this page
Add a description, image, and links to the bola topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the bola topic, visit your repo's landing page and select "manage topics."