Automating and attacking complex HTTP processes with OWASP Raider #11

Open
3 of 5 tasks
danielonsecurity opened this issue Jun 9, 2023 · 0 comments

@danielonsecurity

Short description of the talk

Raider is a novel, LISP-based framework for web application security
testing that abstracts the client-server information exchange as a
finite state machine. Each step comprises one request with inputs, one
response with outputs, arbitrary actions to do on the response, and
conditional links to other stages, creating a graph-like
structure. This architecture works not only for authentication
purposes but can be used for any HTTP process that needs to keep track
of states. In this presentation, we'll cover the motivation behind
Raider, the key concepts of the framework, and demonstrate how it can
automate complex HTTP processes. We'll show how Raider's flexibility
enables easy customization of attacks and how its clear text
configuration makes reproducing, sharing, and modifying attacks easy.

Level

  • Beginner
  • Advanced
  • Everyone

Contact information
Your name and where to contact you for questions, comments, or in case the talk is not being voted for but someone wants to talk with you about your topic.

Possible days for the talk

  • Saturday
  • Sunday