BOLABuster: Harnessing LLMs for Automating BOLA Detection

BSidesLV via YouTube

Overview

Explore an innovative approach to automating Broken Object Level Authorization (BOLA) detection in APIs and web applications. Learn how Large Language Models (LLMs) are harnessed to overcome challenges in identifying BOLA vulnerabilities, which OWASP considers a top API security risk. Discover the BOLABuster methodology, which leverages AI-backed techniques to understand application logic, reveal endpoint dependencies, generate test cases, and interpret results. Gain insights into the research that has led to the discovery of multiple vulnerabilities in open-source projects, including 15 CVEs for a single project and a critical vulnerability in Grafana. Compare BOLABuster's efficiency against state-of-the-art fuzzing tools and understand how it achieves BOLA detection with significantly fewer API requests. Join this 37-minute conference talk at BSidesLV to delve into the AI journey behind this novel approach to vulnerability research and its potential impact on API security.

Syllabus

Breaking Ground, Wed, Aug 7, 12:30 - Wed, Aug 7, CDT

Taught by

BSidesLV
