DVWAPI
A damn vulnerable web API. Purely for training purposes. Do not use in prod.
Overview
Damn Vulnerable Web API - An intentionally insecure REST API for security testing and training.
[!WARNING] Running this on the open internet will leave the host vulnerable. It is recommended to use the supplied container in a restricted access environment instead. If you choose to host this on the public internet you do so at your own risk!!
DVWAPI is a deliberately vulnerable web application designed for learning and practicing web API security testing. It contains common vulnerabilities found in web APIs including exposed sensitive endpoints, lack of authentication, and information disclosure.