AppSecCali 2019 Lightning Talk - Endpoint Finder: A static analysis tool to find web endpoints


JavaScript files contain an increasing amount of information about server endpoints. Existing tools use regex search patterns to extract this information statically. This kind of approach has several limitations. With static code analysis, we can get more accurate results with fewer false positives. This talk will cover how to use static code analysis to achieve this goal.

Endpoint Finder is a tool that extracts endpoint URLs from JavaScript files. It also provides information about the method and the parameters of each endpoint. The tool is available as a plugin for Burp and ZAP.

Olivier Arteau, Desjardins
Olivier Arteau is a security advisor at the financial cooperative Desjardins. He was a Web developer during his early days and later transitioned into the security field. He has an undergraduate degree from Ecole de Technologie Superieure, a Canadian university.


Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP...

Reviewed by Anonymous on March 21, 2019. Rating: 5