RoboCon 2024 - Fuzzing for vulnerabilities in REST APIS

Published: 04 November 2024
on channel: Robot Framework
Views: 282
Likes: 18

In this informative presentation from RoboCon 2024, Alina Kostetska discusses the essential topic of security testing, with a specific focus on fuzzing REST APIs. Drawing on her experience working at Vaisala, a Finnish company specializing in industrial and environmental measurements, Alina provides a deep dive into the practice and benefits of fuzzing as a security measure.
Key Highlights:

🌟 Introduction to REST API Risks: REST APIs, while powerful, come with inherent security concerns. Alina outlines common vulnerabilities, including unsanitized inputs, exposed management endpoints, broken authorization mechanisms, and overly detailed error messages.
🌟 Understanding Fuzzing: Fuzzing is an automated software testing technique that sends randomized, unexpected inputs to a program to identify potential weaknesses or crashes. This method helps simulate real-world scenarios that might expose vulnerabilities in APIs.
🌟 Practical Implementation: The talk covers how to set up fuzzing using tools like Schemathesis, an extension of Hypothesis, and how Vaisala developed a custom Robot Framework library to streamline the process.
🌟 Validation and Results: Alina emphasizes the importance of validating fuzzing results with existing system health checks to reduce false positives and accurately identify issues. This method ensures that detected problems are genuine and actionable.
🌟 Real-World Examples: Demonstrations include how unexpected inputs affected web UIs and endpoints, along with insights into efficiently replaying failed test cases for deeper analysis.
🌟 Audience Q&A: Alina answers questions on authentication challenges, handling infrastructure-induced errors, and tailoring the fuzzer’s granularity for specific testing needs.

This presentation is invaluable for developers, testers, and QA professionals looking to bolster their understanding of security testing in API environments. It offers practical insights into the setup, execution, and improvement of fuzzing practices, showcasing how they can enhance overall software security.

Check out the video to learn more about effective fuzzing techniques and how to implement them in your testing workflow.

Welcome to Robocon - The Ultimate Robot Framework Gathering! 🤖🚀

Robocon is an annual, electrifying event held in the vibrant city of Helsinki, Finland, where Robot Framework enthusiasts from around the world come together to celebrate their passion for test automation. It's a unique opportunity to connect with fellow testers, developers, and automation aficionados.

At Robocon, we dive into the latest trends and innovations in the world of Robot Framework. Robocon is about engaging workshops, inspiring talks, and hands-on sessions led by industry experts. Whether you're a novice looking to get started or a seasoned pro seeking advanced insights, Robocon has something for everyone.

Forge lasting connections, exchange ideas, and be part of a thriving community that shares your enthusiasm for Robot Framework. Join us at Robocon and be a part of this annual gathering that fuels your test automation journey.

Robot Framework is a powerful and versatile open-source test automation framework that simplifies the process of creating and executing test cases. Whether you're a beginner or an experienced tester, this channel is your one-stop destination for all things Robot Framework.

