A deliberately vulnerable REST API for students to identify and fix security issues.
Implemented fixes for OWASP API Security Top 10 (2023) vulnerabilities using:
- Java 17 & Spring Boot
- JWT for authentication
- BCrypt for password hashing
- DTOs to prevent sensitive data exposure
- Role-based access control & ownership checks
- Rate limiting (Bucket4j / Resilience4j)
- Input validation & error handling
- Fixed BOLA/IDOR, broken authentication, mass assignment, excessive data exposure, and more.
- Ensured a secure, production-ready API while preserving existing functionality.
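The list above names the fixes without showing what they look like in code. The following Spring Boot controller is an added example, not this project's code: it illustrates three of the listed fixes together in Java 17, an ownership check against the authenticated principal (the BOLA/IDOR fix), a response DTO so the stored password hash and role never leave the server (excessive data exposure), and a dedicated request DTO with Bean Validation so extra JSON fields such as `role` are silently ignored (mass assignment). The package, class names, the in-memory `users` map and the `ROLE_ADMIN` authority string are all assumptions.

```java
// Added example (not the project's own code): ownership check, DTO projection
// and an allow-listed update request for a Spring Boot 3 / Java 17 REST API.
package example.api; // assumed package name

import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import jakarta.validation.Valid;
import jakarta.validation.constraints.Email;
import jakarta.validation.constraints.NotBlank;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;

@RestController
@RequestMapping("/api/users")
public class UserController {

    // Entity as stored server-side. passwordHash and role must never be serialised to a client.
    record User(long id, String username, String email, String passwordHash, String role) {}

    // Response DTO: only the fields a client is allowed to see.
    record UserResponse(long id, String username, String email) {
        static UserResponse from(User u) {
            return new UserResponse(u.id(), u.username(), u.email());
        }
    }

    // Update DTO: an explicit allow-list. A "role" or "passwordHash" key in the request body
    // has no matching field here, so Jackson never binds it (mass-assignment fix).
    record UpdateUserRequest(@NotBlank String username, @NotBlank @Email String email) {}

    // In-memory store standing in for a repository (constructed sample data, placeholder hashes).
    private final Map<Long, User> users = new ConcurrentHashMap<>(Map.of(
            1L, new User(1L, "alice", "alice@example.com", "<bcrypt-hash-placeholder>", "USER"),
            2L, new User(2L, "bob", "bob@example.com", "<bcrypt-hash-placeholder>", "USER")));

    @GetMapping("/{id}")
    public UserResponse get(@PathVariable long id, Authentication auth) {
        return UserResponse.from(loadOwnedOrAdmin(id, auth));
    }

    @PutMapping("/{id}")
    public UserResponse update(@PathVariable long id,
                               @Valid @RequestBody UpdateUserRequest req,
                               Authentication auth) {
        User current = loadOwnedOrAdmin(id, auth);
        // Only the allow-listed fields change; hash and role are carried over untouched.
        User updated = new User(current.id(), req.username(), req.email(),
                current.passwordHash(), current.role());
        users.put(id, updated);
        return UserResponse.from(updated);
    }

    // Ownership check (BOLA/IDOR fix): the authenticated principal must own the record or hold
    // ROLE_ADMIN. Returning 404 for both "missing" and "not yours" avoids confirming which ids exist.
    private User loadOwnedOrAdmin(long id, Authentication auth) {
        User u = users.get(id);
        boolean isAdmin = auth.getAuthorities().stream()
                .anyMatch(a -> "ROLE_ADMIN".equals(a.getAuthority()));
        if (u == null || (!isAdmin && !u.username().equals(auth.getName()))) {
            throw new ResponseStatusException(HttpStatus.NOT_FOUND);
        }
        return u;
    }
}
```

The `Authentication` parameter is populated by the JWT filter chain the page lists; the controller never trusts a user id supplied in the URL or body for authorisation, only the principal that the token established. Keeping the ownership check in one private method makes it easy to verify in a test that every endpoint on the resource goes through it.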