+ All Categories

Home > Presentations & Public Speaking > Henrique Dantas - API fuzzing using Swagger

Henrique Dantas - API fuzzing using Swagger

Date post:	12-Apr-2017
Category:	Presentations & Public Speaking
Upload:	devseccon-limited
View:	197 times
Download:	4 times

Download Report this document

Share this document with a friend

Embed Size (px):

6

Join the conversation #devseccon Henrique Dantas @hndantas API fuzzing using Swagger

Transcript

Page 1: Henrique Dantas - API fuzzing using Swagger

Join the conversation #devseccon

Henrique Dantas

@hndantas

API fuzzingusing Swagger

Page 2: Henrique Dantas - API fuzzing using Swagger

Why API sec testing?

Public

Close to DB model

Ubiquitous

Business driver

Agilityhttps://flic.kr/p/5oTsVq

Page 3: Henrique Dantas - API fuzzing using Swagger

Solution

Automation

Reporting

Integration

https://flic.kr/p/bxwAxk

Page 4: Henrique Dantas - API fuzzing using Swagger

Python lib

Extensive and extendible

OSS

Popular

Contains all meta-data

Machine Readable

Swagger & Sulley

http://swagger.io/

https://github.com/OpenRCE/sulley

Page 5: Henrique Dantas - API fuzzing using Swagger

Join the conversation #devseccon

Now, your turn :)

/hdantas/fuzz

https://github.com/hdantas/fuzz

https://github.com/hdantas/fuzz

https://github.com/hdantas/fuzz

Page 6: Henrique Dantas - API fuzzing using Swagger

Join the conversation #devseccon

● APIs are good targets● Leverage existing specs for sec testing● Automate, Automate, Automate

@[email protected]

Recommended

Ohio - Herbert Dantas

From Blackbox Fuzzing to Whitebox Fuzzing towards Verification · Page 1ISSTA’2010 July 2010 From Blackbox Fuzzing to Whitebox Fuzzing towards Verification Patrice Godefroid Microsoft

Swagger Code Generation

fuzzing protocol fuzzing model-based testing automated ...erikpoll/ufrj/4_SecurityTesting.pdf · Security Testing fuzzing protocol fuzzing model-based testing automated reverse engineering

Fuzzing—orhowtohelpcomputerscopewiththeunexpected Fuzzing ...cdn.ttgtmedia.com/.../downloads/RHUL_Fuzzing_final.pdf · RoyalHollowaySeries Fuzzing—orhowtohelpcomputerscopewiththeunexpected

Everybody loves Swagger

swagger issue 1

Biswajit Mazumder Rohit Hooda Arpan Chowdhary. What is Fuzzing? Fuzzing techniques Types of Fuzzing Fuzzing explained Case study and changes:

Full-speed Fuzzing: Reducing Fuzzing Overhead through ...

Finding security vulnerabilities with modern fuzzing …archive.hack.lu/2018/Slides_Fuzzing_Workshop_Hack.lu_v1...Definition of fuzzing (source Wikipedia): Fuzzing or fuzz testing

Smart COM Fuzzing they were for ActiveX fuzzing, not COM ...

From Blackbox Fuzzing to Whitebox Fuzzing towards Verificationsiy117527/sil765/readings/fuzzing testing.pdf · Page 1ISSTA’2010 July 2010 From Blackbox Fuzzing to Whitebox Fuzzing

RENATO DANTAS ALENCAR

Drupalcon PDX Swagger

Swagger code motion talk

Build Swagger definition - Sample

Patricia Dantas

Swagger Assessment Skills Instructions