Dawid Czarnecki: Build a Fuzzing Framework with IAST | CONFidence 2023

youtube.com, 11 months ago


"Don't Leave Your Web Apps Vulnerable: Build a Fuzzing Framework with IAST"

Typical approaches to uncovering vulnerabilities in web applications utilizing automated tools are DAST and SAST. Both approaches have drawbacks. In this talk, I will introduce the IAST approach - Interactive Application Security Testing - and the task my squad and I have been working on for the past year - Web Application Fuzzing Framework. The framework takes advantage of IAST to better realize the attack surface and discover deeper, harder vulnerabilities. This approach can possibly be utilized in a CI/CD process as a continuous way to detect vulnerabilities during the SDLC. After the talk, you will learn how IAST works under the hood, how to build a similar solution for your own needs, what the challenges are in building it, and what vulnerabilities we have already discovered utilizing this approach.

https://confidence-conference.org/