Damn Vulnerable Python API is a Python-based web service (API) that is intentionally designed to be vulnerable. Its main goals are to help security professionals test their skills and tools in a legal environment, to help developers better understand the process of securing Python-based web services, and to help students and teachers learn about Python-based web service security in a controlled classroom environment.
14th August 2022 - v0.1
2nd September 2022 - v0.2
- Unauthenticated access to API endpoint
- Use of Basic Authentication
- Use of weak credentials
- RCE via subprocess
- Insecure file upload
git clone https://github.com/yunaranyancat/dvpa
cd dvpa
pip3 install -r requirements.txt
python3 run.py