OWASP API Security Testing Framework

A comprehensive automated testing framework for detecting API security vulnerabilities based on the OWASP API Security Top 10.

Overview

The OWASP API Security Testing Framework (ASTF) helps security professionals and developers identify vulnerabilities in their APIs through automated testing. Built with enterprise needs in mind, it provides detailed security analysis and integrates with modern CI/CD pipelines.

Features

Automated detection of API-specific vulnerabilities
Comprehensive test coverage of OWASP API Security Top 10
Support for REST, GraphQL, and gRPC APIs
CI/CD integration capabilities
Detailed vulnerability reporting
Custom rule creation
Remediation guidance

Getting Started

Prerequisites

Java 17 or higher
Maven 3.6+

Installation

# Clone the repository
git clone https://github.com/OWASP/www-project-api-security-testing-framework.git
# Build the project
cd api-security-testing-framework
mvn clean install

Basic Usage

# Run a basic scan
java -jar target/api-security-testing-framework-1.0-SNAPSHOT.jar scan \
  --target https://api.example.com \
  --auth-header "Authorization: Bearer YOUR_TOKEN"

Project Structure

api-security-testing-framework/
├── src/
│   ├── main/
│   │   ├── java/org/owasp/astf/
│   │   │   ├── core/          # Core scanning engine
│   │   │   ├── testcases/     # API security test cases
│   │   │   ├── integrations/  # CI/CD integrations
│   │   │   └── cli/           # Command line interface
│   │   └── resources/         # Configuration files
│   └── test/                  # Test cases
├── docs/                      # Documentation
└── examples/                  # Usage examples

Documentation

For more detailed information, please refer to our Documentation.

Framework Overview

For detailed understand on the framework, please refer to our Framework Overview.

Architecture

Please refer to our Architecture.

Contributing

We welcome contributions from the community! Please see our Contributing Guidelines for more information on how to get involved.

Roadmap

See our Project Roadmap for upcoming features and plans.

License

This project is licensed under the Apache License 2.0 - see the LICENSE file for details.

Code of Conduct

This project adheres to the OWASP Code of Conduct. By participating, you are expected to uphold this code.

Contact

Project Leader: [Govindarajan Lakshmikanthan]
GitHub: @GovindarajanL
OWASP Project Page: OWASP API Security Testing Framework
Slack: #project-api-security-testing-framework

Name		Name	Last commit message	Last commit date
Latest commit History 33 Commits
.github/ISSUE_TEMPLATE		.github/ISSUE_TEMPLATE
assets/images		assets/images
docs		docs
src		src
.gitignore		.gitignore
404.html		404.html
CONTRIBUTING.md		CONTRIBUTING.md
Gemfile		Gemfile
LICENSE.md		LICENSE.md
README.md		README.md
SECURITY.md		SECURITY.md
_config.yml		_config.yml
index.md		index.md
info.md		info.md
leaders.md		leaders.md
pom.xml		pom.xml
tab_example.md		tab_example.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

OWASP API Security Testing Framework

Overview

Features

Getting Started

Prerequisites

Installation

Basic Usage

Project Structure

Documentation

Framework Overview

Architecture

Contributing

Roadmap

License

Code of Conduct

Contact

About

Uh oh!

Releases

Packages

Uh oh!

Contributors 4

Languages

License

OWASP/www-project-api-security-testing-framework

Folders and files

Latest commit

History

Repository files navigation

OWASP API Security Testing Framework

Overview

Features

Getting Started

Prerequisites

Installation

Basic Usage

Project Structure

Documentation

Framework Overview

Architecture

Contributing

Roadmap

License

Code of Conduct

Contact

About

Resources

License

Contributing

Security policy

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors 4

Languages

Packages