Skip to content

daniel-steward/hack-an-api-workshop

BranchesTags

Repository files navigation

🛡️ Hack into an API

A hands-on, 45-minute security workshop where you play the attacker. Exploit real vulnerabilities in a deliberately insecure ASP.NET Core API — SQL injection, path traversal, information leakage, and a timing attack — then learn how to defend against them.

📋 Prerequisites

Requirement Version
.NET SDK 10.0+
An IDE Rider, Visual Studio, or VS Code

No other tools or accounts are needed — everything runs locally.

🚀 Getting Started

1. Clone the repository

git clone <repo-url>
cd hack-an-api-workshop

2. Start the API (keep this running)

dotnet run -c Release --project HackWorkshop/HackWorkshop.csproj

The API will be available at http://localhost:5259.

3. Run the tests (in a second terminal)

dotnet test

You should see 4 failing tests — your job is to make them pass by exploiting the vulnerabilities.

4. Open the test file

Open HackWorkshop.Tests/SecurityExploitTests.cs in your IDE. Each test has a TODO comment explaining what you need to do.

📚 Further Reading

Solutions are available on the solutions branch.

Good luck, and happy hacking! 🎉

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages