Web API Attack Lab: OWASP crAPI
This hands-on lab is crafted to teach you how to identify a serious vulnerability known as BOLA (Broken Object-Level Authorization) using a realistic, intentionally vulnerable API environment called crAPI. You’ll simulate the role of a penetration tester investigating how weak access controls can allow attackers to retrieve private data that doesn’t belong to them.
By CyberTask Engineer · Medium level
14 Tasks · 1 Section · 111 Points · 1 hr Duration
What You'll Learn
- Identify and exploit OWASP API Security Top 10 vulnerabilities
- Exploit BOLA, broken authentication, and mass assignment flaws
- Perform JWT token manipulation and NoSQL injection attacks
Prerequisites
- Basic understanding of REST APIs
- HTTP protocol knowledge
Tools & Technologies
- Burp Suite
- curl
- Web Browser
- Developer Tools
- crAPI