Built a comprehensive REST API security testing and auditing tool that lets developers inspect API behavior and identify security vulnerabilities. The application features an interactive request builder for constructing and dispatching REST API calls with custom headers, methods, and payloads, plus a security audit engine that detects OWASP-mapped vulnerabilities (HTTP used instead of HTTPS, credential exposure, CORS misconfigurations, missing security headers, stack trace leakage, etc.). Implemented persistent request history with Auth0 authentication, allowing users to save, replay, and compare API calls across sessions. The architecture uses the Next.js App Router for the frontend with strict TypeScript, Drizzle ORM for type-safe database operations on serverless Neon PostgreSQL, and Material-UI v6 for an accessible, responsive interface. Built API proxy routes that send outbound requests server-side, which avoids browser CORS restrictions and enforces per-user request scoping. Integrated rate limiting with Upstash Redis and implemented extensive integration test coverage with Jest, mocking Auth0 sessions, HTTP responses, and database state.
This project showcases modern web development practices, clean architecture, and user-centered design principles. It demonstrates the ability to work with complex requirements and deliver solutions that balance functionality, performance, and user experience.
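The checks listed for the audit engine above, sketched as an added example that is not the project's own code: a passive audit over one captured request/response pair. The type names, rule ids, severities and the required-header list are assumptions made for illustration.

```typescript
// Added example, not the project's code. Type names, rule ids, severities and
// the required-header list are assumptions chosen for illustration.
interface Exchange { url: string; body: string; requestHeaders: Record<string, string>; responseHeaders: Record<string, string> }
interface Finding { id: string; severity: "high" | "medium" | "low"; detail: string }

const REQUIRED_HEADERS = ["strict-transport-security", "x-content-type-options", "content-security-policy"];
const SECRET_PARAM = /^(api[_-]?key|access[_-]?token|token|password|secret)$/i;
// Node.js, Python and Java stack-frame shapes.
const STACK_TRACE = /\bat \S+ \(\S+:\d+:\d+\)|Traceback \(most recent call last\)|\bat [\w.$]+\(\w+\.java:\d+\)/;
// HTTP header names are case-insensitive, so normalise before lookup.
function lowerKeys(h: Record<string, string>): Record<string, string> {
  const out: Record<string, string> = {};
  Object.keys(h).forEach((k) => { out[k.toLowerCase()] = h[k]; });
  return out;
}

function auditExchange(ex: Exchange): Finding[] {
  const findings: Finding[] = [];
  const url = new URL(ex.url);
  const req = lowerKeys(ex.requestHeaders);
  const res = lowerKeys(ex.responseHeaders);
  const add = (id: string, severity: Finding["severity"], detail: string) => findings.push({ id, severity, detail });
  if (url.protocol === "http:") {
    add("plaintext-transport", "high", "request sent over HTTP, not HTTPS");
    if (req["authorization"]) add("credentials-over-http", "high", "Authorization header sent without TLS");
  }
  url.searchParams.forEach((_value, name) => {
    if (SECRET_PARAM.test(name)) add("credential-in-url", "high", `query parameter "${name}" ends up in logs and history`);
  });
  const acao = res["access-control-allow-origin"];
  const withCreds = res["access-control-allow-credentials"] === "true";
  if (acao === "*") add("cors-wildcard", "medium", "any origin may read this response");
  if (withCreds && (acao === "null" || (acao !== undefined && acao === req["origin"])))
    add("cors-credentials-origin", "high", "credentialed CORS for a null or echoed Origin; confirm an allowlist is enforced");
  for (const name of REQUIRED_HEADERS) {
    if (name === "strict-transport-security" && url.protocol !== "https:") continue; // HSTS only applies to HTTPS
    if (!(name in res)) add("missing-header:" + name, "low", "response lacks " + name);
  }
  if (STACK_TRACE.test(ex.body)) add("stack-trace-leak", "medium", "response body contains a stack trace");
  return findings;
}

// Constructed sample exchange (not real traffic).
const SAMPLE: Exchange = {
  url: "http://api.example.test/v1/users?api_key=constructed-value",
  requestHeaders: { Origin: "https://app.example.test", Authorization: "Bearer constructed" },
  responseHeaders: { "Access-Control-Allow-Origin": "https://app.example.test", "Access-Control-Allow-Credentials": "true", "X-Content-Type-Options": "nosniff" },
  body: "TypeError: x is undefined\n    at handler (/srv/app/routes.js:42:13)",
};
console.log(auditExchange(SAMPLE).map((f) => f.id));
```

A single exchange cannot prove that the server echoes arbitrary origins, so the CORS finding is a prompt to verify the allowlist rather than a confirmed flaw.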
Next.js
TypeScript
React
Auth0
Neon
PostgreSQL
Drizzle ORM
Material-UI
Jest
Upstash
Redis
Vercel
Year Completed: 2025
Category: Full-Stack
Status: In Production