🚀 Join us for 30days of daily API security tests. #30days30tests We've spent last 120days building amazing API security tests for the community. Next 30 days we will post test tutorials here.
-
Updated
May 22, 2023
#
bola
Here are 13 public repositories matching this topic...
Burp Suite extension for API security testing with 15 attack types, 108+ payloads, intelligent fuzzing, BOLA/IDOR detection, AI integration, and automated reconnaissance. Supports REST/GraphQL/SOAP APIs with Nuclei, Turbo Intruder, and external tool integration. OWASP API Top 10 coverage.
graphql jwt xss penetration-testing fuzzing sql-injection nuclei api-testing burp-extensions vulnerability-scanner security-testing api-security ai-security idor burp-suite turbo-intruder bola owasp-api-top-10 burp-intruder
-
Updated
Mar 21, 2026 - Python
Community generated list of API security tests to find OWASP top10, HackerOne top 10 vulnerabilities
security hacktoberfest hackerone owasp-top-10 security-testing broken-authentication broken-authorization hacktoberfest2023 api-security-testing bola api-misconfigutation
-
Updated
Mar 24, 2026
Broken Object Level Authorization (BOLA) combined with credentialed CORS misconfiguration enables cross-user, cross-origin authenticated document exfiltration.
-
Updated
Mar 1, 2026 - JavaScript
Broken Object Level Authorization (BOLA) enables cross-user document viewing, modification, and unauthorized deletion via direct object reference.
-
Updated
Mar 1, 2026
API security assessment of OWASP Juice Shop with report, BOLA/IDOR PoCs, and remediation.
-
Updated
Aug 16, 2025
Advanced security research lab on BOLA (CWE-285) and IDOR in RESTful architectures. Features a Flask-based API gateway and a Python-engineered exploit engine demonstrating Account Takeover (ATO) via JSON payload manipulation. Includes enterprise remediation strategies using cryptographically signed session claims and server-side authorization.
appsec python-security owasp-top-10 account-takeover api-security idor broken-authorization bola cybersecurity-portfolio rest-api-exploit
-
Updated
Feb 25, 2026 - Python
API security lab demonstrating Broken Object Level Authorization (IDOR/BOLA) and proper authorization enforcement.
-
Updated
Mar 13, 2026 - Python
API Security Testing Framework covering OWASP API Security Top 10 with 10 modules including BOLA, Authentication, SSRF, Injection, Rate Limiting, CORS, and Mass Assignment, generates JSON and HTML reports, and runs fully on-premises.
python open-source cors authentication rest-api injection rate-limiting owasp authorization cybersecurity penetration-testing appsec ssrf devsecops vulnerability-scanner security-testing api-security idor bola owasp-api-top-10
-
Updated
Mar 9, 2026 - Python
Security-first Spring Boot 4 API with JWT auth, AES-GCM encrypted secret storage, AI-based security analytics (explainable risk scoring + z-score anomaly detection), admin monitoring APIs, Docker, and CI.
java docker jwt encryption spring-boot maven rest-api integration-testing postgresql spring-security cybersecurity aes-gcm anomaly-detection api-security idor security-monitoring github-actions gitleaks risk-scoring bola
-
Updated
Mar 4, 2026 - Java
API security testing framework for REST, GraphQL, and gRPC that validates authorization logic using role-based testing and YAML-driven templates
graphql rest-api grpc openapi owasp penetration-testing application-security api-testing security-tools api-security capability bola authorization-testing owasp-api-security
-
Updated
Mar 26, 2026 - Go
Improve this page
Add a description, image, and links to the bola topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the bola topic, visit your repo's landing page and select "manage topics."