Hackers of India

Fuzzapi - Fuzzing Your RESTAPIs Since Yesterday

By  Lalith Rallabhandi   Abhijeth Dugginapeddi   Srinavas Rao  on 27 Jul 2017 @ Blackhat : Arsenal

This Tool Demo covers following tools where the speaker has contributed or authored
FUZZAPI

Abstract

After seeing the benefits of Automating REST API pen testing using a basic Fuzzapi tool, the authors have decided to come up with a better version which can automatically look into vulnerabilities in APIs from the time they are written. REST APIs are often one of the main sources of vulnerabilities in most web/mobile applications. Developers quite commonly make mistakes in defining permissions on various cross-platform APIs. This gives a chance for the attackers to abuse these APIs for vulnerabilities. Fuzzapi is a tool written in Ruby on Rails which helps to quickly identify such commonly found vulnerabilities in APIs which helps developers to fix them earlier in SDLC life cycle. The first released version of the tool only has limited functionalities however, the authors are currently working on releasing the next version which will completely automate the process which saves a lot of time and resources.