diff --git a/README.md b/README.md index d4d166c..0096fdb 100644 --- a/README.md +++ b/README.md @@ -7,13 +7,13 @@ [![PHP](https://img.shields.io/badge/php-7.3^-yellow)](https://github.com/roottusk/vapi) [![Laravel](https://img.shields.io/badge/Laravel-8-orange)](https://github.com/roottusk/vapi) [![Issues](https://img.shields.io/github/issues-closed/roottusk/vapi?color=%23eb3434)](https://github.com/roottusk/vapi/issues) +

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios in the means of Exercises. - # Requirements * PHP @@ -45,7 +45,6 @@ Import `vapi.sql` into MySQL Database Configure the DB Credentials in the `vapi/.env` - ## Starting MySQL service Run following command (Linux) @@ -79,6 +78,19 @@ Browse `http://localhost/vapi/` for Documentation After Sending requests, refer to the Postman Tests or Environment for Generated Tokens +## Authorization + +The `Authorization-Token` is a base64 encoded result of the username and password combined in the following format: `username:password` + +**Example:** +- Username: `foo` +- Password: `foo` +- Combined: `foo:foo` +- Base64 Encoded: `Zm9vOmZvbw==` +- Authorization-Token Header: `Zm9vOmZvbw==` + +Use this token in the `Authorization-Token` header when making API requests. + # Deployment [Helm](https://helm.sh/) can be used to deploy to a Kubernetes namespace. The chart is in the `vapi-chart` folder. The chart requires one secret named `vapi` with the following values: @@ -95,6 +107,7 @@ Sample Helm Install Command: `helm upgrade --install vapi ./vapi-chart --values= The MYSQL_ROOT_PASSWORD on line 232 in the `values.yaml` must match that on line 184 in order to work. # Presented At + [OWASP 20th Anniversary](https://owasp20thanniversaryevent20.sched.com/event/ll1k) [Blackhat Europe 2021 Arsenal](https://www.youtube.com/watch?v=7_Q5Rlm7Too) @@ -103,12 +116,12 @@ The MYSQL_ROOT_PASSWORD on line 232 in the `values.yaml` must match that on line [@Hack, Riyadh, KSA](https://athack.com/speakers?keys=Tushar) - # Upcoming [APISecure.co](https://apisecure.co/) # Mentions and References + [1] https://apisecurity.io/issue-132-experian-api-leak-breaches-digitalocean-geico-burp-plugins-vapi-lab/ [2] https://dsopas.github.io/MindAPI/references/ 
@@ -134,4 +147,3 @@ The MYSQL_ROOT_PASSWORD on line 232 in the `values.yaml` must match that on line # Acknowledgements * The icon and banner uses image from [Flaticon](https://www.flaticon.com/free-icon/bug_190835) -
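Review bot: In the new `## Authorization` section (hunk `@@ -79,6 +78,19 @@`), the text describes the token as "base64 encoded" but never says that base64 is a reversible encoding, so the `Authorization-Token` header carries the username and password in recoverable form. A short sentence saying so would stop readers from treating the token as a secret derived from the credentials. The last two example bullets, `Base64 Encoded: Zm9vOmZvbw==` and `Authorization-Token Header: Zm9vOmZvbw==`, repeat the same value. Consider merging them into one bullet, or showing the header as it is sent, name and value together. The section also does not say which requests expect this header, while the unchanged line above it points readers to the Postman tests for generated tokens. One sentence relating the two would avoid confusion.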
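Review bot: The first hunk (`@@ -7,13 +7,13 @@`) changes only blank lines, adding one after the badge block and removing one before `# Requirements`. The hunks at `@@ -45,7 +45,6 @@`, `@@ -95,6 +107,7 @@`, `@@ -103,12 +116,12 @@` and `@@ -134,4 +147,3 @@` do the same. None of this relates to the Authorization documentation. Consider moving the whitespace cleanup to a separate formatting commit so the documentation change can be reviewed and reverted on its own.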