Skip to content

pipicodes/secure-api-security-lab

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
screenshots
screenshots
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
attack_demo.md
attack_demo.md
 
 
main.py
main.py
 
 
secure_api.py
secure_api.py
 
 

Repository files navigation

Secure API Security Lab

A small hands-on API security project demonstrating a Broken Access Control / IDOR-style vulnerability and its remediation using basic authentication and authorization checks in FastAPI.

Project Scope

This lab includes:

  • a vulnerable API version
  • a remediated API version
  • curl-based security testing
  • screenshots of authorization test results

Disclaimer

This project is a personal learning lab created to demonstrate API security concepts such as Broken Access Control and authorization checks.

All data, users, and scenarios are simulated and do not represent any real system or organization.

Security Tests

Authorization Tests

The secure API was tested using curl commands to verify authentication and authorization controls.

Successful request, access denied, and missing header

Security Test

Invalid header values

Invalid Header Test

About

API security lab demonstrating Broken Access Control (IDOR-style vulnerability) and secure authorization checks using FastAPI.

Topics

python owasp cybersecurity security-testing api-security fastapi broken-access-control

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Contributors

Languages