Explore the innovative application of neural networks in web application fuzzing through this conference talk from HITB GSEC 2017. Delve into the challenges of traditional fuzzing methods and discover how neural networks can enhance coverage and efficiency. Learn about the architecture of a neural network-based fuzzing tool, including the use of recurrent neural networks and LSTM units. Examine practical examples of payload generation for Local File Inclusion (LFI) attacks and analyze the results. Gain insights from Ivan Novikov, CEO and Lead Security Expert of Wallarm, as he shares his vision for the future of fuzzing techniques in web application security.
Overview
Syllabus
Intro
What is the fuzzing
What is the difference?
The main problems of fuzzing
WHERE. The coverage problem
WHAT.Attack vectors
SHOW. Interpretation problem
Fuzzing tool architecture
How to fuzz?
Recurrent neural networks
LSTM. Long Short Memory Unit
Fuzzing network architecture
Fuzzing NN training. LFI payloads
Analysing the results
Example 4
What's next?
Some sort of vision
Taught by
Hack In The Box Security Conference
