| layout | col-sidebar |
|---|---|
| title | OWASP OFFAT |
| tags | api-security |
| level | 2 |
| type | code, tool |
| pitch | Tests your API automatically for common API vulnerabilities after generating tests from provided openapi specification file. |
OWASP OFFAT (OFFensive Api Tester) is created to automatically test API for common vulnerabilities after generating tests from openapi specification file. It provides feature to automatically fuzz inputs and use user provided inputs during tests specified via YAML config file.
- Restricted HTTP Methods
- SQLi
- BOLA
- Data Exposure
- BOPLA / Mass Assignment
- Broken Access Control
- Basic Command Injection
- Basic XSS/HTML Injection test
- Few Security Checks from OWASP API Top 10
- Automated Testing
- User Config Based Testing
- API for Automating tests and Integrating Tool with other platforms/tools
- CLI tool
- Dockerized Project for Easy Usage
- Open Source Tool with MIT License
- Install Tool using pip
python -m pip install offat- Run Tool
offat -f swagger_file.json- For more usage options read Project Repo README.md