{"name":"STURSEC API Security CTF","version":"1.0.0","description":"A deliberately vulnerable API for learning API security","endpoints":[{"path":"/api/login","vulnerability":"Weak JWT Secret"},{"path":"/api/search","vulnerability":"Excessive Data Exposure"},{"path":"/api/cars/{id}","vulnerability":"IDOR"},{"path":"/api/profile","vulnerability":"Missing Authentication"},{"path":"/api/admin/stats","vulnerability":"Broken Access Control"},{"path":"/api/orders","vulnerability":"Mass Assignment"},{"path":"???","vulnerability":"Hidden Debug Endpoint"}],"flag_format":"STURSEC{...}","documentation":"/docs"}