Nautevol07VII-111/Secure-Banking-API-with-Vulnerability-Simulator
Secure Banking API & Security Testing Framework

This repository contains two integrated projects:

  1. Secure Banking API: A RESTful banking API implementation with configurable security controls
  2. API Security Testing Framework: A companion tool for testing and exploiting API vulnerabilities

Project 1: Secure Banking API

A fully functional banking API that implements industry-standard security controls and, for teaching purposes, lets an administrator selectively enable or disable specific vulnerabilities so that the same endpoints can be studied in both their secure and insecure forms.

Features

  • Complete User Management

    • Registration with validation
    • Secure login with rate limiting
    • Profile management
    • Password reset functionality
  • Banking Operations

    • Account creation and management
    • Balance checking
    • Statement generation
    • Account linking/delinking
  • Transaction Processing

    • Internal transfers
    • External transfer simulation
    • Transaction history and search
  • Security Controls

    • JWT authentication with proper signing
    • OAuth2 authorization
    • Multi-factor authentication
    • Role-based access control
    • Input validation
    • Rate limiting and request throttling
  • Vulnerability Simulator

    • Admin interface for enabling/disabling vulnerabilities
    • Configurable SQL injection vulnerabilities
    • Authentication bypass options
    • Authorization control toggles

Technology Stack

  • Backend: Node.js/Express or Java Spring Boot
  • Database: PostgreSQL/MySQL
  • Documentation: OpenAPI/Swagger
  • Authentication: JWT, OAuth2
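The vulnerability simulator's "configurable SQL injection" is easiest to understand as a single query builder with two paths. This added example (not the repository's code, and with a hypothetical flag store and admin check) shows the injectable path, which splices the request parameter into the SQL text, next to the hardened path, which validates the identifier's shape and binds it as a placeholder in the {text, values} form that node-postgres accepts. It also includes a small structural check that reports whether untrusted input changed the query's token shape, which is how a tester can tell a real injection from a benign 200 response.

```javascript
// Added example, not the repository's code: a vulnerability toggle that
// switches an account lookup between concatenated SQL and a bound parameter.
// The flag store and the admin check are hypothetical.

const vulnerabilityFlags = { sqlInjection: false, authzBypass: false };

// Only an admin-role actor may flip a flag; the simulator's admin interface
// belongs behind the RBAC layer, not in front of it.
function setVulnerability(name, enabled, actor) {
  if (!actor || actor.role !== 'admin') throw new Error('admin role required');
  if (!(name in vulnerabilityFlags)) throw new Error(`unknown flag: ${name}`);
  vulnerabilityFlags[name] = Boolean(enabled);
  return { ...vulnerabilityFlags };
}

// Build the account lookup in the {text, values} shape node-postgres expects.
// Vulnerable path: the raw id is spliced into the text.
// Safe path: the id must be a plain integer string and is bound as $1.
function accountLookupQuery(rawId, flags = vulnerabilityFlags) {
  const base = 'SELECT id, owner, balance FROM accounts WHERE id = ';
  if (flags.sqlInjection) {
    return { text: base + rawId, values: [] };
  }
  if (!/^\d{1,18}$/.test(String(rawId))) throw new Error('invalid account id');
  return { text: base + '$1', values: [String(rawId)] };
}

// Structural check: with parameterized queries the SQL text has the same
// token shape no matter what the input is. Numbers and quoted strings are
// normalised to '?' before comparing the benign and suspect builds.
function queryShapeChanged(builder, benignInput, suspectInput, flags) {
  const tokens = (q) =>
    q.text.replace(/'[^']*'/g, "'?'").replace(/\b\d+\b/g, '?').trim().split(/\s+/).join(' ');
  let suspect;
  try {
    suspect = builder(suspectInput, flags);
  } catch {
    return false; // input rejected by validation, so no query was built
  }
  return tokens(builder(benignInput, flags)) !== tokens(suspect);
}
```

With the flag off, the classic payload 1 OR 1=1 never reaches the database because it fails the integer check; even an input that passed validation would be bound, not interpreted. With the flag on, the same payload rewrites the WHERE clause and queryShapeChanged reports the difference, which is the evidence a test module should collect rather than relying on status codes alone.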

Project 2: API Security Testing & Exploitation Framework

A modular framework for discovering, testing, and exploiting vulnerabilities in web APIs.

Features

  • Discovery & Enumeration

    • Passive endpoint collection
    • Active endpoint discovery through spidering
    • Authentication mechanism detection
    • API specification analysis (OpenAPI, GraphQL, WADL)
  • Vulnerability Testing

    • OWASP API Top 10 test modules
    • Custom payload generation
    • Parallel test execution
  • Reporting & Analysis

    • Comprehensive vulnerability reports
    • Evidence collection
    • False positive reduction
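A test module in this framework needs three things: a way to send requests, a pass/fail rule, and enough evidence to keep false positives down. The following is an added example, not the framework's code: a Broken Object Level Authorization check (OWASP API Security Top 10, API1) written against an injectable send function, run here against a constructed in-memory banking API whose ownership check can be toggled in the way the simulator in Project 1 describes. The fake API, its token values and account ids are constructed for the example; the real framework would send over HTTP with Axios and await the responses, and the send interface is kept synchronous here only so the example runs stand-alone.

```javascript
// Added example, not the framework's code: a BOLA test module with an
// injectable send({method, path, headers}) -> {status, body} function.

// Constructed target: two users, two accounts, one authorization toggle.
function makeFakeApi({ enforceOwnership }) {
  const tokens = { 'tok-alice': 'alice', 'tok-bob': 'bob' };
  const accounts = {
    '1001': { id: '1001', owner: 'alice', balance: 1500 },
    '2002': { id: '2002', owner: 'bob', balance: 99000 },
  };
  return function send({ method, path, headers = {} }) {
    const user = tokens[(headers.authorization || '').replace('Bearer ', '')];
    if (!user) return { status: 401, body: { error: 'unauthenticated' } };
    const m = path.match(/^\/api\/accounts\/(\d+)$/);
    if (method !== 'GET' || !m) return { status: 404, body: { error: 'not found' } };
    const acct = accounts[m[1]];
    if (!acct) return { status: 404, body: { error: 'not found' } };
    if (enforceOwnership && acct.owner !== user) return { status: 403, body: { error: 'forbidden' } };
    return { status: 200, body: acct };
  };
}

// The test module. Needs two identities: the attacker, and a victim whose
// resource path is known so the module can establish what the object looks
// like when its legitimate owner reads it.
function testBola(send, { attackerToken, victimToken, resourcePath }) {
  const get = (token) =>
    send({ method: 'GET', path: resourcePath, headers: token ? { authorization: `Bearer ${token}` } : {} });
  const baseline = get(victimToken); // owner reads own object
  const probe = get(attackerToken);  // attacker requests the same id
  const unauth = get(null);          // no token at all
  const evidence = { baseline: baseline.status, probe: probe.status, unauth: unauth.status, resourcePath };

  // False-positive reduction: a 200 alone proves nothing. Require that the
  // owner can read the object, that the endpoint is not simply public, and
  // that the attacker received the victim's object, not a generic page.
  if (baseline.status !== 200) return { finding: null, reason: 'baseline read failed', evidence };
  if (unauth.status === 200) return { finding: null, reason: 'endpoint is public; not an authz bug', evidence };
  const sameObject = probe.status === 200 && JSON.stringify(probe.body) === JSON.stringify(baseline.body);
  if (!sameObject) return { finding: null, reason: 'ownership enforced', evidence };
  return {
    finding: {
      id: 'API1:2023',
      title: 'Broken Object Level Authorization',
      severity: 'high',
      detail: `attacker token read ${resourcePath} owned by another user`,
    },
    evidence,
  };
}

// Run the module against both simulator states and return both results.
function runAgainstSimulator() {
  const target = { attackerToken: 'tok-alice', victimToken: 'tok-bob', resourcePath: '/api/accounts/2002' };
  return {
    vulnerable: testBola(makeFakeApi({ enforceOwnership: false }), target),
    hardened: testBola(makeFakeApi({ enforceOwnership: true }), target),
  };
}
```

The evidence object is what the report should carry: the three status codes and the path are enough for a reader to reproduce the check by hand, and the baseline and unauthenticated requests are what separate a real BOLA from a public endpoint or a broken test setup.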

Technology Stack

  • Node.js with modules:
    • Axios for HTTP handling
    • Commander for CLI interface
    • Cheerio and Puppeteer for parsing and crawling

Getting Started

Prerequisites

  • Node.js (v14+) or Java JDK 11+
  • PostgreSQL or MySQL
  • npm or Maven

Installation

# Clone the repository
git clone https://github.com/yourusername/secure-banking-api
cd secure-banking-api

# Install dependencies
npm install
# OR
mvn install

Configuration

  1. Create a .env file with your database and security settings
  2. Configure your database connection
  3. Set up JWT keys and other security parameters

Running the API

npm start
# OR
mvn spring-boot:run

Running the Security Testing Framework

cd api-security-framework
npm install
npm start -- --target http://localhost:3000/api

Learning Resources

  • RESTful API Design: "RESTful Web Services" by Leonard Richardson
  • Database Security: OWASP Database Security Cheat Sheet
  • API Security: "API Security in Action" by Neil Madden
  • JWT Security: "JWT Handbook" by Auth0
  • Vulnerability Testing: "Web Application Hacker's Handbook"

License

This project is licensed under the MIT License - see the LICENSE file for details.

Acknowledgments

  • OWASP API Security Project
  • Financial API Security best practices
