Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

BOLABuster - Harnessing LLMs for Automating BOLA Detection

DEFCONConference via YouTube

Overview

Learn about an innovative cybersecurity conference talk that explores the automation of Broken Object Level Authorization (BOLA) vulnerability detection using Large Language Models (LLMs). Discover how BOLA, the top-ranked vulnerability in OWASP API risk assessments and fourth in HackerOne's Global Top 10, poses significant threats from data exposure to complete system compromise. Explore the challenges of automatic BOLA detection and how the speakers developed BOLABuster, an AI-powered solution that leverages LLMs to understand application logic, map endpoint dependencies, generate test cases, and interpret results. Examine real-world success cases, including the discovery of multiple vulnerabilities in open-source projects, resulting in 15 CVE submissions and the recent CVE-2024-1313 finding in Grafana. Gain insights into this cutting-edge approach that combines artificial intelligence with security testing to enhance vulnerability detection at scale.

Syllabus

DEF CON 32 - BOLABuster-Harnessing LLMs for Automating BOLA Detection - Ravid Mazon, Jay Chen

Taught by

DEFCONConference

Reviews

Start your review of BOLABuster - Harnessing LLMs for Automating BOLA Detection

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.