Henrique Dantas - API fuzzing using Swagger
Transcript of Henrique Dantas - API fuzzing using Swagger
Join the conversation #devseccon
Henrique Dantas
@hndantas
API fuzzing using Swagger
Why API sec testing?
Public
Close to DB model
Ubiquitous
Business driver
Agility
https://flic.kr/p/5oTsVq
Solution
Automation
Reporting
Integration
https://flic.kr/p/bxwAxk
Python lib
Extensive and extendible
OSS
Popular
Contains all meta-data
Machine Readable
Swagger & Sulley
Now, your turn :)
/hdantas/fuzz
● APIs are good targets
● Leverage existing specs for sec testing
● Automate, Automate, Automate