Pynt vs OWASP crAPI
Last updated
OWASP crAPI (Completely Ridiculous API) is an intentionally vulnerable API designed to help security professionals and developers learn about API security risks. It simulates real-world API security flaws, including:
Broken Object Level Authorization (BOLA)
Broken User Authentication
Excessive Data Exposure
Security Misconfigurations
Injection Attacks
crAPI provides a hands-on environment for practicing API security testing, exploiting vulnerabilities, and learning how to secure APIs effectively. It's useful for penetration testers, security engineers, and developers looking to improve their API security skills.
First, set up crAPI as described here:
Or just use prebuilt images:
The second environment file makes Pynt run the collection twice, once with each environment, simulating traffic from two distinct users. This is what enables Pynt to perform Business Logic attacks.
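As an added example (not code from the Pynt docs or the crAPI project), a small Python check that the two Postman environment files really describe two distinct users before running them: the sample environments below are constructed, and the variable names (baseUrl, email, password, vehicleId) are assumptions.

```python
import json

# Constructed sample Postman environment exports (not crAPI's own files).
# Both define the same variable keys; only the identity-bearing values differ.
ENV_USER_A = json.dumps({
    "name": "crAPI user A",
    "values": [
        {"key": "baseUrl", "value": "http://localhost:8888", "enabled": True},
        {"key": "email", "value": "alice@example.com", "enabled": True},
        {"key": "password", "value": "Alice-pass-1", "enabled": True},
        {"key": "vehicleId", "value": "vehicle-a", "enabled": True},
    ],
})
ENV_USER_B = json.dumps({
    "name": "crAPI user B",
    "values": [
        {"key": "baseUrl", "value": "http://localhost:8888", "enabled": True},
        {"key": "email", "value": "bob@example.com", "enabled": True},
        {"key": "password", "value": "Bob-pass-1", "enabled": True},
        # Disabled on purpose: the check below should flag this mismatch.
        {"key": "vehicleId", "value": "vehicle-b", "enabled": False},
    ],
})


def load_env(text):
    """Return {key: value} for the enabled variables of a Postman environment export."""
    doc = json.loads(text)
    return {v["key"]: v["value"] for v in doc.get("values", []) if v.get("enabled", True)}


def check_two_user_envs(env_a_text, env_b_text,
                        identity_keys=("email", "password"), shared_keys=("baseUrl",)):
    """List problems that would make the second run a poor 'second user':
    keys enabled in only one file, identity variables that are identical
    (both runs would be the same user), or shared variables that differ
    (the runs would hit different targets)."""
    a, b = load_env(env_a_text), load_env(env_b_text)
    problems = []
    for key in sorted(set(a) ^ set(b)):
        problems.append(f"{key}: only defined (or enabled) in one environment")
    for key in identity_keys:
        if key in a and key in b and a[key] == b[key]:
            problems.append(f"{key}: identical in both environments, runs would be the same user")
    for key in shared_keys:
        if key in a and key in b and a[key] != b[key]:
            problems.append(f"{key}: differs between environments, runs would target different hosts")
    return problems
```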
python3 -m pip install pyntcli
Run Pynt with crAPI postman collection: