IOActive Senior Information Security Consultant, Mohamed Samy, will give a talk, Fuzzmania – API Fuzzing with GenAI, during this year’s Black Hat MEA (Middle East and Africa) through the ‘Briefings’ track. Black Hat MEA will take place in Malham, Saudi Arabia, between 26 – 28 November.
Abstract:
APIs are the backbone of modern software development, but they also introduce new attack surfaces. Traditional manual testing methods can be time-consuming and inefficient, making it difficult to identify vulnerabilities in complex APIs.
In this session, we’ll introduce “Fuzzmania”, a novel tool and approach that leverages Large Language Models (LLMs) to fuzz web APIs in a semi-automated way. By combining the power of LLMs with automated testing, Fuzzmania enables users to identify vulnerabilities in their API with unprecedented efficiency.
I’ll demonstrate how Fuzzmania works, showcasing its key features and benefits:
1. The potential of using LLMs for API testing.
2. How Fuzzmania streamlines the fuzzing process, reducing time and effort required for traditional manual testing methods.
3. Notable success stories and case studies where Fuzzmania helped identify API vulnerabilities.