API fuzzing using Swagger

20 Oct 2016
14:50 - 15:50
Alt/Tab Room

This workshop will cover how to automate fuzzing of REST APIs by combining an API specification format, OpenAPI (previously called Swagger), with Sulley (a Python-based fuzzer). REST APIs are an interesting target for attacks since they can easily be reverse engineered and are often used to exchange sensitive information between mobile/web apps and the cloud. In addition, fuzzing is a popular technique for uncovering vulnerabilities automatically and without access to the source code. However, setting up a fuzzer can be time-consuming, as it requires reconfiguration for each API. In this workshop, we will use the OpenAPI specification, a standard for documenting REST APIs, to automate much of the configuration process and allow us to test APIs more efficiently. As a final note, please don't forget to bring a laptop, preferably with Python 2.7 installed.
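To illustrate how a specification can drive fuzzer configuration when testing your own API, here is an added example that is not part of the workshop material: it walks a Swagger 2.0 document and derives one-parameter-at-a-time test requests from the declared parameter types. It uses only the Python 3 standard library rather than Sulley; the embedded spec, the `fuzz_cases` helper and the mutation values are assumptions made for the illustration.

```python
import json
from urllib.parse import quote

# Constructed Swagger 2.0 document for a hypothetical API (not from the workshop).
SPEC = json.loads("""
{"swagger": "2.0", "basePath": "/v1",
 "paths": {"/users/{id}": {
   "parameters": [{"name": "id", "in": "path", "required": true, "type": "integer"}],
   "get": {"parameters": [
     {"name": "fields", "in": "query", "type": "string"},
     {"name": "verbose", "in": "query", "type": "boolean"}]},
   "delete": {}}}}
""")

# Boundary and type-confusion values per declared parameter type (assumed set).
MUTATIONS = {
    "integer": ["0", "-1", str(2**63), "1e309", "abc", ""],
    "string": ["", "A" * 4096, "%00", "null"],
    "boolean": ["2", "maybe", ""],
}
VALID = {"integer": "1", "string": "x", "boolean": "true"}
METHODS = ("get", "put", "post", "delete", "patch", "head", "options")


def fuzz_cases(spec):
    """Return (method, url) pairs, mutating one path/query parameter at a time."""
    cases = []
    for path, item in spec.get("paths", {}).items():
        shared = item.get("parameters", [])
        for method in METHODS:
            if method not in item:
                continue
            # Operation-level parameters override path-level ones (same name and location).
            merged = {(p["name"], p["in"]): p for p in shared}
            merged.update({(p["name"], p["in"]): p for p in item[method].get("parameters", [])})
            params = [p for p in merged.values() if p["in"] in ("path", "query")]
            for target in params:
                for bad in MUTATIONS.get(target.get("type"), [""]):
                    url, query = spec.get("basePath", "") + path, []
                    for p in params:
                        value = bad if p is target else VALID.get(p.get("type"), "x")
                        if p["in"] == "path":
                            url = url.replace("{%s}" % p["name"], quote(value, safe=""))
                        elif p is target or p.get("required"):
                            query.append("%s=%s" % (p["name"], quote(value, safe="")))
                    cases.append((method.upper(), url + ("?" + "&".join(query) if query else "")))
    return cases
```

Each returned pair can be replayed against a test deployment while watching for 5xx responses, timeouts or crashes; body, header and form parameters are out of scope for this sketch.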