Calling all security researchers, developers, and API security enthusiasts! Create an API with known vulnerabilities, run the APIsec scanner against it, and report any flaws that were missed. Find a gap, get a reward.
Create an API containing one or more known security flaws.
Vulnerabilities should be intentional and documentable (for example broken authentication, excessive data exposure, or broken object level authorization (BOLA)).
The API must be deployed in a testable environment that the scanner can reach (self-hosted, cloud, or sandbox).
Scan your API using the APIsec automated security scanner.
Document any security issues that APIsec successfully detects.
If APIsec fails to identify a vulnerability present in the API, submit a detailed report, including:
~ API documentation & endpoint details
~ Vulnerability type and proof-of-concept (PoC)
~ Steps to reproduce
~ Expected vs. actual scan results
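One way to build the kind of intentionally flawed target the steps above describe, as an added example that is not part of this page or of APIsec's tooling: a stdlib-only Python model of a user endpoint with two planted, documented flaws (BOLA and excessive data exposure), its hardened counterpart, the PoC request a report would cite, and a helper that compares the planted-flaw register against scanner findings to produce the "expected vs. actual" part of a report. All handler names, tokens and records are constructed for illustration.

```python
"""Hypothetical vulnerable target for scanner testing (example code, not APIsec's).

Planted flaws on GET /users/{id}: BOLA (any authenticated caller can read any
record) and excessive data exposure (response includes password_hash and ssn).
"""

# Constructed sample data: two users, each with a fake bearer token.
USERS = {
    1: {"id": 1, "email": "alice@example.test", "password_hash": "$2b$12$alice", "ssn": "111-22-3333"},
    2: {"id": 2, "email": "bob@example.test", "password_hash": "$2b$12$bob", "ssn": "444-55-6666"},
}
TOKENS = {"token-alice": 1, "token-bob": 2}
PUBLIC_FIELDS = ("id", "email")

# Register of intentional flaws: endpoint, type and PoC. This is the
# "documentable" part the report needs, written down before scanning.
KNOWN_FLAWS = [
    {"endpoint": "GET /users/{id}", "type": "BOLA (OWASP API1:2023)",
     "poc": "Authenticate as bob (token-bob), GET /users/1, receive alice's record"},
    {"endpoint": "GET /users/{id}", "type": "Excessive data exposure (OWASP API3:2023)",
     "poc": "Any 200 response includes password_hash and ssn"},
]


def authenticate(headers):
    """Map a bearer token to a user id; None if the header is missing or unknown."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    return TOKENS.get(auth[len("Bearer "):])


def vulnerable_get_user(headers, user_id):
    """GET /users/{id} with both planted flaws. Returns (status, body)."""
    caller = authenticate(headers)
    if caller is None:
        return 401, {"error": "unauthenticated"}
    record = USERS.get(user_id)
    if record is None:
        return 404, {"error": "not found"}
    # FLAW 1 (BOLA): caller is never compared with user_id.
    # FLAW 2 (excessive data exposure): the whole record is returned.
    return 200, dict(record)


def hardened_get_user(headers, user_id):
    """Same endpoint with object-level authorization and a response allow-list."""
    caller = authenticate(headers)
    if caller is None:
        return 401, {"error": "unauthenticated"}
    if caller != user_id:
        # Object-level check: a user may read only their own record.
        return 403, {"error": "forbidden"}
    record = USERS.get(user_id)
    if record is None:
        return 404, {"error": "not found"}
    # Only allow-listed fields leave the service.
    return 200, {k: record[k] for k in PUBLIC_FIELDS}


def poc_bola(handler):
    """Run the BOLA PoC from KNOWN_FLAWS (bob requests alice's record).

    Returns (status, leaked) where leaked lists non-public fields in the body.
    """
    status, body = handler({"Authorization": "Bearer token-bob"}, 1)
    leaked = sorted(k for k in body if k not in PUBLIC_FIELDS and k != "error")
    return status, leaked


def missed_flaws(scanner_findings):
    """Expected vs. actual: planted flaws the scanner did not report.

    scanner_findings is a list of {"endpoint": ..., "type": ...} dicts; a
    finding matches a register entry when both fields are equal.
    """
    reported = {(f["endpoint"], f["type"]) for f in scanner_findings}
    return [flaw for flaw in KNOWN_FLAWS
            if (flaw["endpoint"], flaw["type"]) not in reported]


if __name__ == "__main__":
    print("vulnerable:", poc_bola(vulnerable_get_user))
    print("hardened:  ", poc_bola(hardened_get_user))
    # Constructed scanner output that found only the BOLA issue.
    print("missed:", [f["type"] for f in missed_flaws(
        [{"endpoint": "GET /users/{id}", "type": "BOLA (OWASP API1:2023)"}])])
```

Keeping the register next to the code means the "steps to reproduce" in a report are the PoC strings already on file, and `missed_flaws` turns the scanner's output into the list of gaps to submit; planting the flaw behind authentication, as here, also checks that the scanner was given working credentials rather than stopping at the 401.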
Improve your API security knowledge hands-on and gain recognition as an API security expert. If the missed vulnerability is valid and reproducible, you'll get a reward based on its severity.
Rewards Include:
Rules of Participation: