

A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities.

The Checkmarx research team created c{api}tal to provide users with an active playground in which they can hone their API Security skills.
The c{api}tal application contains 10 API challenges which map to the OWASP top 10 API risks.
It is built with Python (FastAPI) and JS (React).

c{api}tal can also be used for conducting your own API Security CTF event.

- Contains 10 challenges based on the OWASP top 10 API risks
- Built on FastAPI (backend) and React (frontend)
- UI - Blogging website
- OpenAPI3 API JSON specification file that can be imported as a Postman collection
- JWT token-based authentication

c{api}tal is a blogging application which allows users to register, create and delete posts, create and delete comments, follow other users, and more.