FUZZAPI-ing API’s - Automating REST API testing with FUZZAPI

OWASP Melbourne is back for 2017! For the first meetup of the year we are lucky to have Abhijeth fly down from Sydney and talk to us about how we can automate common API tests and integrate them into our applications build pipelines or to compliment manual penetration testing.

Pizza, beer and soft drinks will be provided. Please RSVP if you can make it.

Agenda

• Pizza - 6:00pm - 6:30pm

• Presentation - 6:30pm - 7:30pm

• Socialising - 7:30pm till 9pm

Presentation

Despite the growing use of REST API’s to build modern web applications, we continue to discover vulnerabilities affecting these APIs. Testing REST API’s has historically been a manual process with a lack of tooling to help automate API testing. Also release to production cycles are getting shorter as companies move to using devops and continuous delivery practices so the need to automate as much testing as possible before the code hits production is becoming even more important.

Fuzzapi is an API Fuzzer that helps fuzz APIs to find common vulnerabilities, can be integrated into the build pipeline and can also be used to speed up manual testing by helping automate some common test scenarios.

• Installing and configuring the tool

• Running the tool to perform automated testing

• Attacks covered by fuzzapi

• Dependencies and future scope

Bio

Abhijeth D (@abhijeth) is a security consultant working for a bank in Australia. Previously worked with Adobe Systems, TCS and Sourcenxt. Security enthusiast in the fields of application, mobile and infrastructure security. Believes in a need for more security awareness and free responsible disclosures. Got lucky finding vulnerabilities in Google, Yahoo, Facebook, Microsoft, Ebay and Dropbox. Ranked in the top five researchers on Synack a bug bounty platform. Interested in social media marketing, digital marketing and web designing.

Sponsors

https://lh5.googleusercontent.com/776OBP8OkDpdak1vcllnPl2DxDg047E3ZKC33hR-xo4ERFEZ87u3wUU8EeUiuzz5tBmDMVLrNSgR3wOoFutkwq_0QJTFDZ0BEXDiSke_qjdFxkio8azkZJCnyfo77NcGPOdd0hDD

http://photos4.meetupstatic.com/photos/event/c/7/3/6/600_458330998.jpeg

Access

The Zendesk office is on the corner of Queen Street and Collins Street Melbourne. Doors to the meetup will be open on the Queen’s Street side. If you are locked out or having issues finding the place, email or Slack us and we will guide you :)

• Serge (serg [at] owasp [dot] org)

• Julian (julian [dot] berton [at] owasp [dot]] org)

• Slack - https://owasp.herokuapp.com/ (@jberton or @sergicles)