BOLABuster - Harnessing LLMs for Automating BOLA Detection

Overview

Learn about a cybersecurity conference talk that explores automating the detection of Broken Object Level Authorization (BOLA) vulnerabilities using Large Language Models (LLMs). Discover why BOLA, the top-ranked vulnerability in the OWASP API Security Top 10 and fourth in HackerOne's Global Top 10, poses threats ranging from data exposure to complete system compromise. Explore the challenges of automatic BOLA detection and how the speakers developed BOLABuster, an AI-powered tool that uses LLMs to understand application logic, map endpoint dependencies, generate test cases, and interpret the results. Examine real-world success cases, including the discovery of multiple vulnerabilities in open-source projects, which resulted in 15 CVE submissions and the recent CVE-2024-1313 finding in Grafana. Gain insight into this approach, which combines artificial intelligence with security testing to improve vulnerability detection at scale.

Syllabus

DEF CON 32 - BOLABuster - Harnessing LLMs for Automating BOLA Detection - Ravid Mazon, Jay Chen

Taught by

DEFCONConference