Update the OpenAPI Specification[🚀] #1328
Comments
|
Thanks a lot for opening your first issue with us! 🧡 We'll get back to you shortly! ⏳ If it was a Support Request, please consider asking on the community chat next time! 💬 |
|
I verified just now that Juice Shop OAS describe only 'API for our enterprise customers'. So, I suggest the creation of a new OAS to describe the 'private' APIs. |
|
The existing B2B API is housing two hacking challenges. There is no functional need to add any other similar API descriptions from my point of view. What kind of update are you suggesting exactly? The |
|
Using an API contract, like OAS, allows you to use newer solutions for API protection (thus new vulnerabilities), and with that, new challenges. For example, when we know what kind of query parameter is expected, it is easier to mitigate injection attacks and detect parameter tampering. |
|
Okay, but having this for the generated The "storyline" behind not having this, is kind of "the developers were too lazy to document the API or create a contract in front of it. Nobody will ever use that API directly anyway, it's only there for our own frontend." |
|
Indeed, having an Open API specification would make current challenges a lot easier. Actually, I hadn't thought about that. |
|
This thread has been automatically locked because it has not had recent activity after it was closed. 🔒 Please open a new issue for regressions or related bugs. |
🚀 Feature request
Description
Once the OWASP API Security Top 10 2019 items were added to OWASP Juice Shop challenge categories (juice-shop/pwning-juice-shop@7abe69d), I think would be great if the Juice Shop OAS were updated.
Solution ideas
Currently, the main tool to create and update OASs is Swagger Editor , despite there extensions to several code editors (ie. Eclipse, VS Code, and Atom).
The text was updated successfully, but these errors were encountered: