API-Security
rift-explorer
API-Security | rift-explorer |
---|---|
15 | 4 |
1,933 | 544 |
1.8% | - |
6.2 | 0.0 |
11 days ago | about 1 year ago |
Dockerfile | CSS |
GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
API-Security
-
What's the problem with my API?
Check the top 10 API security by OWASP
-
Quick Privacy Question
In the end this is a security oversight known as excessive data exposure (OWASP - API3:2019) of Riot and as long as they keep sending this info people will be able to see it.
-
Implementing decent security
Check out ----, https://github.com/OWASP/API-Security
-
API without authentication severity?
If an incorrect implementation of API authentication mechanisms is considered Broken User Authentication, how severe is one without authentication at all? Critical? Or high?
-
Feedback for an article on API Security Maturity Model+
The OWASP top 10 API security risks are posted on their GitHub here. As OWASP shows, because APIs are open to the network:
-
API10:2019 - Insufficient Logging & Monitoring
More cases and prevention methods can be found on the OWASP API Security Top 10 official repository
- API9:2019 - Improper Assets Management
- API8:2019 - Injection
-
API7:2019 - Security Misconfiguration
OWASP API-Security repo
- API6:2019 - Mass Assignment
rift-explorer
-
Quick Privacy Question
Basically, whenever you do anything on the client, be it active things like selecting a skin in champ select to random stuff like showing up as online, the "website" will send a request to its own backend/server. You can view these endpoints with stuff like RiftExplorer. Using them is documented and allowed as long as it adheres to the general Riot Developer policies and the League Client development policies and this is also how stuff like Blitz was able to import runes and summoner spells etc. I am guessing it is not allowed to show the usernames in ranked lobbies though.
- I made a script which auto-accepts games, prepicks your champ, bans the champ you want, picks your champ and alerts you when your game started (Made for Ranked / Draft)
-
The interface of the world's most popular game
Rift Explorer allows you to view all the built-in methods/functions, meaning you skip the graphical interface and can interact with the game directly by sending requests. Start with "GET" requests - they simply retrieve data. You can google request types and learn more about them.
-
doinb ryze hack insane!! rito client go brrrr 100% ez
cringe. https://github.com/MManoah/league-profile-tool https://github.com/Pupix/rift-explorer/releases
What are some alternatives?
API-Security-Checklist - Checklist of the most important security countermeasures when designing, testing, and releasing your API
league-profile-tool - An application that lets you make specific requests to the LCU api to change how your profile looks
wstg - The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
disenchant-champ-shards
bugbounty-cheatsheet - A list of interesting payloads, tips and tricks for bug bounty hunters.
HextechButBetter - Grab latest release in the link below
Security_Engineer_Interview_Questions - Every Security Engineer Interview Question From Glassdoor.com
KBot - League of Legends external script with kernel memory reading
offensiveinterview - Interview questions to screen offensive (red team/pentest) candidates
lcu-event-viewer - JSON event viewer for the LCU
Interview_Tips - Summary of Cyber Security interview questions I have been through, hope this helps
KBotExt - All-in-one application that sends custom requests to League of Legends LCU api