Join the conversation #devseccon
Henrique Dantas
@hndantas
API fuzzing using Swagger
Why API sec testing?
Public
Close to DB model
Ubiquitous
Business driver
Agility
https://flic.kr/p/5oTsVq
Solution
Automation
Reporting
Integration
https://flic.kr/p/bxwAxk
Python lib
Extensive and extendible
OSS
Popular
Contains all meta-data
Machine Readable
Swagger & Sulley
Now, your turn :)
/hdantas/fuzz
● APIs are good targets
● Leverage existing specs for sec testing
● Automate, Automate, Automate