| [dvws-node](https://github.com/snoopysecurity/dvws-node) | Damn Vulnerable Web Service is a vulnerable web service/API/application that we can use to learn webservices/API vulnerabilities. |
87
87
| [Generic-University](https://github.com/InsiderPhD/Generic-University) | Vulnerable API with Laravel App |
88
88
| [Pixi](https://github.com/DevSlop/Pixi) | The Pixi module is a MEAN Stack web app with wildly insecure APIs! |
89
+
| [REST API Goat](https://github.com/optiv/rest-api-goat) | This is a "Goat" project so you can get familiar with REST API testing. |
89
90
| [VAmPI](https://github.com/erev0s/VAmPI)| Vulnerable REST API with OWASP top 10 vulnerabilities for APIs |
90
91
| [vAPI](https://github.com/roottusk/vapi)| vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises. |
92
+
| [vulnerable-graphql-api](https://github.com/CarveSystems/vulnerable-graphql-api) | A very vulnerable implementation of a GraphQL API. |
91
93
| [Websheep](https://github.com/marmicode/websheep) | Websheep is an app based on a willingly vulnerable ReSTful APIs. |