Dawid Czarnecki: Build a Fuzzing Framework with IAST | assurance 2023

youtube.com 1 rok temu


"Don't Leave Your Web Apps Vulnerable: Build a Fuzzing Framework with IAST"

Typical approaches to uncovering vulnerabilities in web applications utilizing automated tools are DAST and SAST. Both approaches have drawbacks. In this talk, I will introduce the IAST approach - Interactive Application safety investigating - and the task my squad and I have been working on for the past year - Web Application Fuzzing Framework. The framework takes advantage of IAST to better realize the attack surface and discover deeper, more hard vulnerabilities. This approach can possibly be utilized in a CI/CD process as a continuous way to detect vulnerabilities during the SDLC. After the talk, you will learn how the IAST works under the hood, how to build a akin solution for your own needs, what the challenges are in building it, and what vulnerabilities we have already discovered utilizing this approach.

https://confidence-conference.org/