VulnerabilityAPI is a REST API for learning about the vulnerabilities that affect modern web applications. Each vulnerability is hosted in a controller that contains, on the one hand, an insecure implementation, and on the other hand, the solutions provided for that vulnerability, that is, a secure implementation. Requests can be made to different parts of the code to debug and see how the vulnerability behaves. The project will continue to grow and new vulnerabilities will be added.
The vulnerabilities currently provided are:
- SQL injection

To set up and run the project:
- Modify the database connection in the appsettings file. The example uses: DESKTOP-7C8R4SU\SQLEXPRESS
- Run the Database.sql script found in the Utils folder
- Launch the API with Visual Studio and it will be ready for testing

At the end of the following talk, the API is tested with the SQL injection vulnerability.
https://www.youtube.com/watch?v=lQqknAi-nFg
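
The insecure/secure pairing described above, sketched for SQL injection as an added example. This is not the project's own code: the controller name, routes, `Users` table, `DefaultConnection` connection-string name and the use of the Microsoft.Data.SqlClient package are all assumptions.

```csharp
using System.Collections.Generic;
using System.Data;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Data.SqlClient;
using Microsoft.Extensions.Configuration;

// Hypothetical controller: names, routes and schema are assumptions.
[ApiController]
[Route("api/[controller]")]
public class SqlInjectionDemoController : ControllerBase
{
    private readonly string _connectionString;

    // Assumed connection-string name in the appsettings file.
    public SqlInjectionDemoController(IConfiguration configuration) =>
        _connectionString = configuration.GetConnectionString("DefaultConnection")
            ?? throw new System.InvalidOperationException("Connection string missing.");

    // Insecure form: the input is concatenated into the SQL text, so the
    // database parses the caller's value as part of the statement.
    [HttpGet("insecure")]
    public IActionResult GetInsecure([FromQuery] string name)
    {
        var sql = "SELECT Id, Name FROM Users WHERE Name = '" + name + "'";
        return Ok(RunQuery(sql, null));
    }

    // Secure form: the SQL text is constant and the input is sent separately
    // as a typed, length-bounded parameter, so it is only ever treated as data.
    [HttpGet("secure")]
    public IActionResult GetSecure([FromQuery] string name)
    {
        const string sql = "SELECT Id, Name FROM Users WHERE Name = @name";
        var p = new SqlParameter("@name", SqlDbType.NVarChar, 100)
            { Value = (object?)name ?? System.DBNull.Value };
        return Ok(RunQuery(sql, p));
    }

    private List<object> RunQuery(string sql, SqlParameter? parameter)
    {
        var rows = new List<object>();
        using var connection = new SqlConnection(_connectionString);
        using var command = new SqlCommand(sql, connection);
        if (parameter != null) command.Parameters.Add(parameter);
        connection.Open();
        using var reader = command.ExecuteReader();
        while (reader.Read())
            rows.Add(new { Id = reader.GetInt32(0), Name = reader.GetString(1) });
        return rows;
    }
}
```

Setting a breakpoint on the `sql` variable in each action shows the difference while debugging: in the insecure action the statement text changes with the request, in the secure action it never does.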