Henrique Dantas - API fuzzing using Swagger

Preview:

Click to see full reader

Citation preview

Join the conversation #devseccon

Henrique Dantas

@hndantas

API fuzzingusing Swagger

Why API sec testing?

Public

Close to DB model

Ubiquitous

Business driver

Agilityhttps://flic.kr/p/5oTsVq

Solution

Automation

Reporting

Integration

https://flic.kr/p/bxwAxk

Python lib

Extensive and extendible

OSS

Popular

Contains all meta-data

Machine Readable

Swagger & Sulley

http://swagger.io/
https://github.com/OpenRCE/sulley

Join the conversation #devseccon

Now, your turn :)

/hdantas/fuzz

https://github.com/hdantas/fuzz
https://github.com/hdantas/fuzz
https://github.com/hdantas/fuzz

Join the conversation #devseccon

● APIs are good targets● Leverage existing specs for sec testing● Automate, Automate, Automate

@hndantashenrique@restsecured.xyz

Recommended

Mario Dantas Unix-perl
Documents
Dantas Beatriz Go Is
Documents
ASSESSMENT AND EVALUATION - Maria Dantas …dantas-whitney.weebly.com/uploads/7/4/6/9/7469707/... · ASSESSMENT AND EVALUATION Maria Dantas-Whitney, Ph.D. Western Oregon University
Documents
SWAGGER Awards 2014
Documents
What is Swagger?
Technology
Security Testing esp. Fuzzing - E. Poll, - cs.ru.nl · Overview • Testing • Abuse cases & negative tests • Fuzzing –dumb fuzzing –generational aka grammar-based fuzzing
Documents
RuleX for Swagger
Technology
From SAPE to SWAGGER - Deveron Projects · Project Report: Baudouin Mouanda: from SAPE to SWAGGER - page 3 From SAPE to SWAGGER Baudouin Mouanda 1. Introduction SWAGGER Congo-Brazzaville
Documents
Developing Faster with Swagger
Software
Jesus Swagger
Documents
Seventies Swagger
Education
Introducing swagger
Technology
django-rest-swagger Documentation
Documents
Full-speed Fuzzing: Reducing Fuzzing Overhead through
Documents
Nomos software swagger overview
Technology
Dantas, juliana. Vine x Instagram
Internet
From Blackbox Fuzzing to Whitebox Fuzzing towards Verificationsiy117527/sil765/readings/fuzzing testing.pdf · Page 1ISSTA’2010 July 2010 From Blackbox Fuzzing to Whitebox Fuzzing
Documents
Swagger for-your-api
Technology
Swagger introduction - the - whys
Software
Drupalcon PDX Swagger
Technology