| [APISandbox](https://github.com/API-Security/APISandbox) | Pre-Built Vulnerable Multiple API Scenarios Environments Based on Docker-Compose. |
96
96
| [crAPI](https://github.com/OWASP/crAPI) | completely ridiculous API (crAPI) |
97
97
| [Damn-Vulnerable-GraphQL-Application](https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application)| Damn Vulnerable GraphQL Application is intentionally vulnerable implementation of Facebook's GraphQL technology to learn and practice GraphQL Security. |
98
-
| [DamnVulnerableMicroServices](https://github.com/ne0z/DamnVulnerableMicroServices) | This is a vulnerable microservice written in many languages to demonstrating OWASP API Top Security Risk (under development)|
99
-
| [dvws-node](https://github.com/snoopysecurity/dvws-node) | Damn Vulnerable Web Service is a vulnerable web service/API/application that we can use to learn webservices/API vulnerabilities. |
98
+
| [DamnVulnerableMicroServices](https://github.com/ne0z/DamnVulnerableMicroServices) | This is a vulnerable microservice written in many languages to demonstrating OWASP API Top Security Risk (under development)|
99
+
| [DamnVulnerableWebServices](https://github.com/snoopysecurity/dvws-node) | Damn Vulnerable Web Services is a vulnerable web service/API/application that we can use to learn webservices/API vulnerabilities. |
100
100
| [Generic-University](https://github.com/InsiderPhD/Generic-University) | Vulnerable API with Laravel App |
101
+
| [node-api-goat](https://github.com/layro01/node-api-goat) | A simple Express.JS REST API application that exposes endpoints with code that contains vulnerabilities. |
101
102
| [Pixi](https://github.com/DevSlop/Pixi) | The Pixi module is a MEAN Stack web app with wildly insecure APIs! |
102
103
| [REST API Goat](https://github.com/optiv/rest-api-goat) | This is a "Goat" project so you can get familiar with REST API testing. |
103
104
| [VAmPI](https://github.com/erev0s/VAmPI)| Vulnerable REST API with OWASP top 10 vulnerabilities for APIs |
104
105
| [vAPI](https://github.com/roottusk/vapi)| vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises. |
106
+
| [vulnapi](https://github.com/tkisason/vulnapi) | Intentionaly very vulnerable API with bonus bad coding practices. |
105
107
| [vulnerable-graphql-api](https://github.com/CarveSystems/vulnerable-graphql-api) | A very vulnerable implementation of a GraphQL API. |
106
108
| [Websheep](https://github.com/marmicode/websheep) | Websheep is an app based on a willingly vulnerable ReSTful APIs. |