SlideShare a Scribd company logo

Automated API pentesting using fuzzapi

Download as PPTX, PDF
Abhijeth D
Abhijeth D

Fuzzapi is an API Fuzzer that will help Developers/Pen Testers to fuzz APIs and find few commonly found vulnerabilities. The tool can be integrated into the build pipeline to allow developers to identify vulnerabilities prior to Pen Testing. Also, Pen testers can also use this tool against various APIs during their testing which will allow them to automate few tasks.

Internet
1 of 42
Automating API Pen Testing using Fuzzapi just another tool?
About us Abhijeth Dugginapeddi @abhijeth Application Security Likes training, spreading awareness Got some bugs in Google/FB/Yahoo/Microsoft etc Among top 5 bug hunters on Synack Srinivas Rao Kotipalli @srini0x00 Security Engineer Author, Speaker, Trainer Blogs at androidpentesting.com Author of “Hacking Android” Lalith Rallabhandi @lalithr95 Developer Intern Blogger, Coder, Security Enthusiast Does bounties when free and found bugs With Microsoft/Google/FB/Badoo etc
Only @abhijeth @srini0x00 and @lalithr95 are responsible for whatever is on the slides Nobody else is responsible for anything else we say
Next 45 minutes -Why -What -How
Source giphy
Source http://vignette2.wikia.nocookie.net/garfield/images/4/43/Garfield_the_Cat.png/revision/latest?cb=2015050 8141623
Source reddit
On a serious note • What is fuzzAPI • How to use fuzzAPI • Need for automating Pen Testing APIs • Developer vs Pen tester use cases • Continuous Integration • Spread the smile ☺
#fuzzAPI • Open Source REST API Fuzzer • Test for vulnerabilities while writing your code • Helps Pen testers to fasten their testing • Covers most top attacks on APIs • Built in Ruby on Rails
Rest API Penetration Testing Authorization Authentication Input validations Others ☺ Common checks
#welovebugs
This is Twitter Source: @wesecureapp
Source: @wesecureappSource: @wesecureapp
Facebook ☺ Credits: www.pranavhivarekar.in
Interesting?
Can you automate such attacks?
May be!!
But why do you want to automate?
People don’t have time Source: giphy
• There are companies/teams who deploy code to production >10 times every day • Developers can do basic testing • Penetration testers can save a lot of time • Penetration testers can work on logical stuff • Easier to fix vulnerabilities sooner than later Continuous Integration
Source memegenerator
No But a part of it can be automated.
Cool stuff about Fuzzapi Access Control Violation XXE Other regular vulns like XSS/SQLi.. etc Privilege Escalation Rate limiting
Not so cool stuff!!
Demo Source memegenerator
#if demo doesn’t work
#if demo doesn’t work
#if demo doesn’t work
How stuff works API_Fuzzer – Ruby gem Fuzzapi -- Rails application
#fuzzapi API_fuzzer gem
Code walk through
Fuzzapi approach for XXE • XxeCheck performs a call with payload to internal server • If status: OK – fuzzapi confirms XXE
Fuzzapi sample approach for Privilege Escalation
Fuzzapi sample approach for Rate limiting • Fuzzapi sends multiple sample requests and waits for timeout/error • Failure in limiting requests allows to perform this check
Docker :D :D m/
Continuous integration --Rails !!! • Identify test requests • Use API_Fuzzer module with test request • Run scans
Developer’s eye Security Engineer’s eye Work with developers to help them configure stuff Add more checks ☺ Use it while doing security testing Train developers to understand/fix vulns Having scrum meetings about findings/fixes Customizing fuzzapi according to organization’s requirement Add more checks ☺ Testing APIs while writing code
Roadmap for fuzzapi/us Add more checks Write more blogs Make more tutorial videos Write more tools Repeat
Oh yea btw :D Don’t you want links to download? API_Fuzzer gem: https://github.com/lalithr95/API-fuzzer fuzzapi: https://github.com/lalithr95/Fuzzapi For queries/concerns/feedback/rant: Twitter: @abhijeth @lalithr95 @srini0x00
It’s 2016 and if you still don’t know about bug bounties/responsible disclosures, you should say hi to these guys @Bugcrowd @synack @Hacker0x01
Thanks ☺ and all the security folks for contributing to the open source community 

Recommended

Burp Suite Starter
Burp Suite StarterBurp Suite Starter
Burp Suite StarterFadi Abdulwahab
 
Pentesting ReST API
Pentesting ReST APIPentesting ReST API
Pentesting ReST APINutan Kumar Panda
 
Practical Application of the API Security Top Ten: A Tester's Perspective
Practical Application of the API Security Top Ten: A Tester's PerspectivePractical Application of the API Security Top Ten: A Tester's Perspective
Practical Application of the API Security Top Ten: A Tester's PerspectiveRajniHatti
 
Android Application Penetration Testing - Mohammed Adam
Android Application Penetration Testing - Mohammed AdamAndroid Application Penetration Testing - Mohammed Adam
Android Application Penetration Testing - Mohammed AdamMohammed Adam
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)TzahiArabov
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing TechniquesAvinash Thapa
 
Pentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarPentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarOWASP Delhi
 

Recommended

Burp Suite Starter
Burp Suite StarterBurp Suite Starter
Burp Suite StarterFadi Abdulwahab
 
Pentesting ReST API
Pentesting ReST APIPentesting ReST API
Pentesting ReST APINutan Kumar Panda
 
Practical Application of the API Security Top Ten: A Tester's Perspective
Practical Application of the API Security Top Ten: A Tester's PerspectivePractical Application of the API Security Top Ten: A Tester's Perspective
Practical Application of the API Security Top Ten: A Tester's PerspectiveRajniHatti
 
Android Application Penetration Testing - Mohammed Adam
Android Application Penetration Testing - Mohammed AdamAndroid Application Penetration Testing - Mohammed Adam
Android Application Penetration Testing - Mohammed AdamMohammed Adam
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)TzahiArabov
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing TechniquesAvinash Thapa
 
Pentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarPentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarOWASP Delhi
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewMichael Furman
 
Sql injection
Sql injectionSql injection
Sql injectionNikunj Dhameliya
 
Android Security & Penetration Testing
Android Security & Penetration TestingAndroid Security & Penetration Testing
Android Security & Penetration TestingSubho Halder
 
Misp(malware information sharing platform)
Misp(malware information sharing platform)Misp(malware information sharing platform)
Misp(malware information sharing platform)Nadim Kadiwala
 
API Security Fundamentals
API Security FundamentalsAPI Security Fundamentals
API Security FundamentalsJosé Haro Peralta
 
Getting Started with API Security Testing
Getting Started with API Security TestingGetting Started with API Security Testing
Getting Started with API Security TestingSmartBear
 
Burp suite
Burp suiteBurp suite
Burp suiteSOURABH DESHMUKH
 
F5 SIRT - F5 ASM WAF - DDoS protection
F5 SIRT - F5 ASM WAF - DDoS protection F5 SIRT - F5 ASM WAF - DDoS protection
F5 SIRT - F5 ASM WAF - DDoS protection Lior Rotkovitch
 
Practical API Security - PyCon 2018
Practical API Security - PyCon 2018Practical API Security - PyCon 2018
Practical API Security - PyCon 2018Adam Englander
 
API Testing
API TestingAPI Testing
API TestingBikash Sharma
 
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)Marco Balduzzi
 
OWASP Top 10 - 2017
OWASP Top 10 - 2017OWASP Top 10 - 2017
OWASP Top 10 - 2017HackerOne
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodologyRashad Aliyev
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourSoroush Dalili
 
Api security-testing
Api security-testingApi security-testing
Api security-testingn|u - The Open Security Community
 
Api testing
Api testingApi testing
Api testingKeshav Kashyap
 
Burp suite
Burp suiteBurp suite
Burp suiteYashar Shahinzadeh
 
F5 - BigIP ASM introduction
F5 - BigIP ASM introductionF5 - BigIP ASM introduction
F5 - BigIP ASM introductionJimmy Saigon
 
"15 Technique to Exploit File Upload Pages", Ebrahim Hegazy
"15 Technique to Exploit File Upload Pages", Ebrahim Hegazy"15 Technique to Exploit File Upload Pages", Ebrahim Hegazy
"15 Technique to Exploit File Upload Pages", Ebrahim HegazyHackIT Ukraine
 
Building Advanced XSS Vectors
Building Advanced XSS VectorsBuilding Advanced XSS Vectors
Building Advanced XSS VectorsRodolfo Assis (Brute)
 
Pentesting RESTful WebServices v1.0
Pentesting RESTful WebServices v1.0Pentesting RESTful WebServices v1.0
Pentesting RESTful WebServices v1.0n|u - The Open Security Community
 
Securty Testing For RESTful Applications
Securty Testing For RESTful ApplicationsSecurty Testing For RESTful Applications
Securty Testing For RESTful ApplicationsSource Conference
 

More Related Content

What's hot

OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewMichael Furman
 
Android Security & Penetration Testing
Android Security & Penetration TestingAndroid Security & Penetration Testing
Android Security & Penetration TestingSubho Halder
 
Misp(malware information sharing platform)
Misp(malware information sharing platform)Misp(malware information sharing platform)
Misp(malware information sharing platform)Nadim Kadiwala
 
Getting Started with API Security Testing
Getting Started with API Security TestingGetting Started with API Security Testing
Getting Started with API Security TestingSmartBear
 
F5 SIRT - F5 ASM WAF - DDoS protection
F5 SIRT - F5 ASM WAF - DDoS protection F5 SIRT - F5 ASM WAF - DDoS protection
F5 SIRT - F5 ASM WAF - DDoS protection Lior Rotkovitch
 
Practical API Security - PyCon 2018
Practical API Security - PyCon 2018Practical API Security - PyCon 2018
Practical API Security - PyCon 2018Adam Englander
 
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)Marco Balduzzi
 
OWASP Top 10 - 2017
OWASP Top 10 - 2017OWASP Top 10 - 2017
OWASP Top 10 - 2017HackerOne
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodologyRashad Aliyev
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourSoroush Dalili
 
F5 - BigIP ASM introduction
F5 - BigIP ASM introductionF5 - BigIP ASM introduction
F5 - BigIP ASM introductionJimmy Saigon
 
"15 Technique to Exploit File Upload Pages", Ebrahim Hegazy
"15 Technique to Exploit File Upload Pages", Ebrahim Hegazy"15 Technique to Exploit File Upload Pages", Ebrahim Hegazy
"15 Technique to Exploit File Upload Pages", Ebrahim HegazyHackIT Ukraine
 

What's hot (20)

OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's New
 
Sql injection
Sql injectionSql injection
Sql injection
 
Android Security & Penetration Testing
Android Security & Penetration TestingAndroid Security & Penetration Testing
Android Security & Penetration Testing
 
Misp(malware information sharing platform)
Misp(malware information sharing platform)Misp(malware information sharing platform)
Misp(malware information sharing platform)
 
API Security Fundamentals
API Security FundamentalsAPI Security Fundamentals
API Security Fundamentals
 
Getting Started with API Security Testing
Getting Started with API Security TestingGetting Started with API Security Testing
Getting Started with API Security Testing
 
Burp suite
Burp suiteBurp suite
Burp suite
 
F5 SIRT - F5 ASM WAF - DDoS protection
F5 SIRT - F5 ASM WAF - DDoS protection F5 SIRT - F5 ASM WAF - DDoS protection
F5 SIRT - F5 ASM WAF - DDoS protection
 
Practical API Security - PyCon 2018
Practical API Security - PyCon 2018Practical API Security - PyCon 2018
Practical API Security - PyCon 2018
 
API Testing
API TestingAPI Testing
API Testing
 
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)
 
OWASP Top 10 - 2017
OWASP Top 10 - 2017OWASP Top 10 - 2017
OWASP Top 10 - 2017
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodology
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Api testing
Api testingApi testing
Api testing
 
Burp suite
Burp suiteBurp suite
Burp suite
 
F5 - BigIP ASM introduction
F5 - BigIP ASM introductionF5 - BigIP ASM introduction
F5 - BigIP ASM introduction
 
"15 Technique to Exploit File Upload Pages", Ebrahim Hegazy
"15 Technique to Exploit File Upload Pages", Ebrahim Hegazy"15 Technique to Exploit File Upload Pages", Ebrahim Hegazy
"15 Technique to Exploit File Upload Pages", Ebrahim Hegazy
 
Building Advanced XSS Vectors
Building Advanced XSS VectorsBuilding Advanced XSS Vectors
Building Advanced XSS Vectors
 

Viewers also liked

Securty Testing For RESTful Applications
Securty Testing For RESTful ApplicationsSecurty Testing For RESTful Applications
Securty Testing For RESTful ApplicationsSource Conference
 
Pentesting RESTful webservices
Pentesting RESTful webservicesPentesting RESTful webservices
Pentesting RESTful webservicesMohammed A. Imran
 
Syntribos API Security Test Automation
Syntribos API Security Test AutomationSyntribos API Security Test Automation
Syntribos API Security Test AutomationMatthew Valdes
 
REST API testing with SpecFlow
REST API testing with SpecFlowREST API testing with SpecFlow
REST API testing with SpecFlowAiste Stikliute
 
06 application security fundamentals - part 2 - security mechanisms - sessi...
06 application security fundamentals - part 2 - security mechanisms - sessi...06 application security fundamentals - part 2 - security mechanisms - sessi...
06 application security fundamentals - part 2 - security mechanisms - sessi...appsec
 
Attack chaining for web exploitation #c0c0n2015
Attack chaining for web exploitation #c0c0n2015Attack chaining for web exploitation #c0c0n2015
Attack chaining for web exploitation #c0c0n2015Abhijeth D
 
How to do well in Bug bounty programs. Presentation at @nullhyd by Abhijeth
How to do well in Bug bounty programs. Presentation at @nullhyd by AbhijethHow to do well in Bug bounty programs. Presentation at @nullhyd by Abhijeth
How to do well in Bug bounty programs. Presentation at @nullhyd by AbhijethAbhijeth D
 
Automation testing API in Java
Automation testing API in JavaAutomation testing API in Java
Automation testing API in JavaWix.com
 
Automation framework
Automation framework Automation framework
Automation framework ITeLearn
 
Bug Bounty Programs For The Web
Bug Bounty Programs For The WebBug Bounty Programs For The Web
Bug Bounty Programs For The WebMichael Coates
 
WSO2 Test Automation Framework : Approach and Adoption
WSO2 Test Automation Framework : Approach and AdoptionWSO2 Test Automation Framework : Approach and Adoption
WSO2 Test Automation Framework : Approach and AdoptionWSO2
 
A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...Noppadol Songsakaew
 
RESTful API Automation with JavaScript
RESTful API Automation with JavaScriptRESTful API Automation with JavaScript
RESTful API Automation with JavaScriptJonathan LeBlanc
 

Viewers also liked (20)

Pentesting RESTful WebServices v1.0
Pentesting RESTful WebServices v1.0Pentesting RESTful WebServices v1.0
Pentesting RESTful WebServices v1.0
 
Securty Testing For RESTful Applications
Securty Testing For RESTful ApplicationsSecurty Testing For RESTful Applications
Securty Testing For RESTful Applications
 
Pentesting RESTful webservices
Pentesting RESTful webservicesPentesting RESTful webservices
Pentesting RESTful webservices
 
JSON Injection
JSON InjectionJSON Injection
JSON Injection
 
Syntribos API Security Test Automation
Syntribos API Security Test AutomationSyntribos API Security Test Automation
Syntribos API Security Test Automation
 
REST API testing with SpecFlow
REST API testing with SpecFlowREST API testing with SpecFlow
REST API testing with SpecFlow
 
pwnd.sh
pwnd.shpwnd.sh
pwnd.sh
 
06 application security fundamentals - part 2 - security mechanisms - sessi...
06 application security fundamentals - part 2 - security mechanisms - sessi...06 application security fundamentals - part 2 - security mechanisms - sessi...
06 application security fundamentals - part 2 - security mechanisms - sessi...
 
Attack chaining for web exploitation #c0c0n2015
Attack chaining for web exploitation #c0c0n2015Attack chaining for web exploitation #c0c0n2015
Attack chaining for web exploitation #c0c0n2015
 
API TEST
API TESTAPI TEST
API TEST
 
API TEST
API TESTAPI TEST
API TEST
 
How to do well in Bug bounty programs. Presentation at @nullhyd by Abhijeth
How to do well in Bug bounty programs. Presentation at @nullhyd by AbhijethHow to do well in Bug bounty programs. Presentation at @nullhyd by Abhijeth
How to do well in Bug bounty programs. Presentation at @nullhyd by Abhijeth
 
Automation testing API in Java
Automation testing API in JavaAutomation testing API in Java
Automation testing API in Java
 
Automation framework
Automation framework Automation framework
Automation framework
 
Bug Bounty Programs For The Web
Bug Bounty Programs For The WebBug Bounty Programs For The Web
Bug Bounty Programs For The Web
 
WSO2 Test Automation Framework : Approach and Adoption
WSO2 Test Automation Framework : Approach and AdoptionWSO2 Test Automation Framework : Approach and Adoption
WSO2 Test Automation Framework : Approach and Adoption
 
A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...
 
RESTful API Automation with JavaScript
RESTful API Automation with JavaScriptRESTful API Automation with JavaScript
RESTful API Automation with JavaScript
 
A perspective on web testing.ppt
A perspective on web testing.pptA perspective on web testing.ppt
A perspective on web testing.ppt
 
Frisby Api automation
Frisby Api automationFrisby Api automation
Frisby Api automation
 

Similar to Automated API pentesting using fuzzapi

Flavius olaru logicless ui prototyping with node js
Flavius olaru logicless ui prototyping with node jsFlavius olaru logicless ui prototyping with node js
Flavius olaru logicless ui prototyping with node jsCodecamp Romania
 
Well Crafted API Models – Key to Streamlining Workflows
Well Crafted API Models – Key to Streamlining WorkflowsWell Crafted API Models – Key to Streamlining Workflows
Well Crafted API Models – Key to Streamlining WorkflowsAxway
 
[Srijan Wednesday Webinar] Mastering Mobile Test Automation with Appium
[Srijan Wednesday Webinar] Mastering Mobile Test Automation with Appium[Srijan Wednesday Webinar] Mastering Mobile Test Automation with Appium
[Srijan Wednesday Webinar] Mastering Mobile Test Automation with AppiumSrijan Technologies
 
Developing Brilliant and Powerful APIs in Ruby & Python
Developing Brilliant and Powerful APIs in Ruby & PythonDeveloping Brilliant and Powerful APIs in Ruby & Python
Developing Brilliant and Powerful APIs in Ruby & PythonSmartBear
 
AI assisted testing using postman and openAI.pdf
AI assisted testing using postman and openAI.pdfAI assisted testing using postman and openAI.pdf
AI assisted testing using postman and openAI.pdfsivaganeshsivakumar1
 
Testing API's: Tools & Tips & Tricks (Oh My!)
Testing API's: Tools & Tips & Tricks (Oh My!)Testing API's: Tools & Tips & Tricks (Oh My!)
Testing API's: Tools & Tips & Tricks (Oh My!)Ford Prior
 
10 Useful Testing Tools for Open Source Projects @ TuxCon 2015
10 Useful Testing Tools for Open Source Projects @ TuxCon 201510 Useful Testing Tools for Open Source Projects @ TuxCon 2015
10 Useful Testing Tools for Open Source Projects @ TuxCon 2015Peter Sabev
 
KrishnaToolComparisionPPT.pdf
KrishnaToolComparisionPPT.pdfKrishnaToolComparisionPPT.pdf
KrishnaToolComparisionPPT.pdfQA or the Highway
 
Inside Story: Scratching the Black Box - API
Inside Story: Scratching the Black Box - APIInside Story: Scratching the Black Box - API
Inside Story: Scratching the Black Box - APIRavisuriya .
 
Espresso testing
Espresso testingEspresso testing
Espresso testingvodqancr
 
Manual JavaScript Analysis Is A Bug
Manual JavaScript Analysis Is A BugManual JavaScript Analysis Is A Bug
Manual JavaScript Analysis Is A BugLewis Ardern
 
apidays LIVE Australia 2021 - Designing Embedded Platforms by Jeremy Glassenb...
apidays LIVE Australia 2021 - Designing Embedded Platforms by Jeremy Glassenb...apidays LIVE Australia 2021 - Designing Embedded Platforms by Jeremy Glassenb...
apidays LIVE Australia 2021 - Designing Embedded Platforms by Jeremy Glassenb...apidays
 
API Testing with Frisby and Mocha
API Testing with Frisby and MochaAPI Testing with Frisby and Mocha
API Testing with Frisby and MochaLyudmila Anisimova
 
Acceptance & Functional Testing with Codeception - SunshinePHP 2016
Acceptance & Functional Testing with Codeception - SunshinePHP 2016Acceptance & Functional Testing with Codeception - SunshinePHP 2016
Acceptance & Functional Testing with Codeception - SunshinePHP 2016Joe Ferguson
 
Api complete life cycle with api security
Api complete life cycle with api securityApi complete life cycle with api security
Api complete life cycle with api securitypqrs1234
 
Always up to date, testable and maintainable documentation with OpenAPI
Always up to date, testable and maintainable documentation with OpenAPIAlways up to date, testable and maintainable documentation with OpenAPI
Always up to date, testable and maintainable documentation with OpenAPIGOG.com dev team
 
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...DevSecCon
 
Acceptance & Functional Testing with Codeception - Devspace 2015
Acceptance & Functional Testing with Codeception - Devspace 2015 Acceptance & Functional Testing with Codeception - Devspace 2015
Acceptance & Functional Testing with Codeception - Devspace 2015 Joe Ferguson
 
Code Palousa presentation- "Giving Digital Eyes to your Synthetic Tests"
Code Palousa presentation- "Giving Digital Eyes to your Synthetic Tests"Code Palousa presentation- "Giving Digital Eyes to your Synthetic Tests"
Code Palousa presentation- "Giving Digital Eyes to your Synthetic Tests"Christopher Hamm
 

Similar to Automated API pentesting using fuzzapi (20)

Flavius olaru logicless ui prototyping with node js
Flavius olaru logicless ui prototyping with node jsFlavius olaru logicless ui prototyping with node js
Flavius olaru logicless ui prototyping with node js
 
Well Crafted API Models – Key to Streamlining Workflows
Well Crafted API Models – Key to Streamlining WorkflowsWell Crafted API Models – Key to Streamlining Workflows
Well Crafted API Models – Key to Streamlining Workflows
 
[Srijan Wednesday Webinar] Mastering Mobile Test Automation with Appium
[Srijan Wednesday Webinar] Mastering Mobile Test Automation with Appium[Srijan Wednesday Webinar] Mastering Mobile Test Automation with Appium
[Srijan Wednesday Webinar] Mastering Mobile Test Automation with Appium
 
Developing Brilliant and Powerful APIs in Ruby & Python
Developing Brilliant and Powerful APIs in Ruby & PythonDeveloping Brilliant and Powerful APIs in Ruby & Python
Developing Brilliant and Powerful APIs in Ruby & Python
 
AI assisted testing using postman and openAI.pdf
AI assisted testing using postman and openAI.pdfAI assisted testing using postman and openAI.pdf
AI assisted testing using postman and openAI.pdf
 
Testing API's: Tools & Tips & Tricks (Oh My!)
Testing API's: Tools & Tips & Tricks (Oh My!)Testing API's: Tools & Tips & Tricks (Oh My!)
Testing API's: Tools & Tips & Tricks (Oh My!)
 
10 Useful Testing Tools for Open Source Projects @ TuxCon 2015
10 Useful Testing Tools for Open Source Projects @ TuxCon 201510 Useful Testing Tools for Open Source Projects @ TuxCon 2015
10 Useful Testing Tools for Open Source Projects @ TuxCon 2015
 
KrishnaToolComparisionPPT.pdf
KrishnaToolComparisionPPT.pdfKrishnaToolComparisionPPT.pdf
KrishnaToolComparisionPPT.pdf
 
Inside Story: Scratching the Black Box - API
Inside Story: Scratching the Black Box - APIInside Story: Scratching the Black Box - API
Inside Story: Scratching the Black Box - API
 
Espresso testing
Espresso testingEspresso testing
Espresso testing
 
Manual JavaScript Analysis Is A Bug
Manual JavaScript Analysis Is A BugManual JavaScript Analysis Is A Bug
Manual JavaScript Analysis Is A Bug
 
apidays LIVE Australia 2021 - Designing Embedded Platforms by Jeremy Glassenb...
apidays LIVE Australia 2021 - Designing Embedded Platforms by Jeremy Glassenb...apidays LIVE Australia 2021 - Designing Embedded Platforms by Jeremy Glassenb...
apidays LIVE Australia 2021 - Designing Embedded Platforms by Jeremy Glassenb...
 
Selenium topic 1- Selenium Basic
Selenium topic 1- Selenium BasicSelenium topic 1- Selenium Basic
Selenium topic 1- Selenium Basic
 
API Testing with Frisby and Mocha
API Testing with Frisby and MochaAPI Testing with Frisby and Mocha
API Testing with Frisby and Mocha
 
Acceptance & Functional Testing with Codeception - SunshinePHP 2016
Acceptance & Functional Testing with Codeception - SunshinePHP 2016Acceptance & Functional Testing with Codeception - SunshinePHP 2016
Acceptance & Functional Testing with Codeception - SunshinePHP 2016
 
Api complete life cycle with api security
Api complete life cycle with api securityApi complete life cycle with api security
Api complete life cycle with api security
 
Always up to date, testable and maintainable documentation with OpenAPI
Always up to date, testable and maintainable documentation with OpenAPIAlways up to date, testable and maintainable documentation with OpenAPI
Always up to date, testable and maintainable documentation with OpenAPI
 
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
 
Acceptance & Functional Testing with Codeception - Devspace 2015
Acceptance & Functional Testing with Codeception - Devspace 2015 Acceptance & Functional Testing with Codeception - Devspace 2015
Acceptance & Functional Testing with Codeception - Devspace 2015
 
Code Palousa presentation- "Giving Digital Eyes to your Synthetic Tests"
Code Palousa presentation- "Giving Digital Eyes to your Synthetic Tests"Code Palousa presentation- "Giving Digital Eyes to your Synthetic Tests"
Code Palousa presentation- "Giving Digital Eyes to your Synthetic Tests"
 

Recently uploaded

SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predieusebiomeyer
 
TRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxTRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxAndrieCagasanAkio
 
ETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptxETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptxNIMMANAGANTI RAMAKRISHNA
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书rnrncn29
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书rnrncn29
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
Company Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxCompany Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxMario
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
 
Unidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxUnidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxmibuzondetrabajo
 

Recently uploaded (11)

SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
 
TRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxTRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptx
 
ETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptxETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptx
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
Company Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxCompany Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptx
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
 
Unidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxUnidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptx
 

Automated API pentesting using fuzzapi

Editor's Notes

  1. https://intland.com/wp-content/uploads/2014/09/blog-140923-dependencies-336x336.png