Jay Chen
Jay Chen is a Cloud Security Researcher with Prisma Cloud and Unit 42 at Palo Alto Networks. He has extensive research experience in cloud security. In his role at Palo Alto Networks, he focuses on investigating the vulnerabilities, design flaws, and adversarial TTPs in cloud-native technologies such as containers and public cloud services. He works to develop methodologies for identifying and remediating security gaps in public clouds and works to protect Prisma Cloud customers from threats.
In previous roles, he has researched mobile cloud security and distributed storage security. Jay has authored 25+ academic and industrial papers.
Session
BOLA poses severe threats to modern APIs and web applications. It's considered the top risk by OWASP API and a regularly reported vulnerability on HackerOne Top10. However, automatically identifying BOLAs is challenging due to application complexity, wide range of input parameters, and the stateful nature of modern web applications.
To overcome these issues, we leverage LLM's reasoning and generative capabilities to automate tasks, such as understanding application logic, revealing endpoint dependencies, generating test cases, and interpreting results. This AI-backed method, coupled with heuristics, enables full-scale automated BOLA detection. We dub this research BOLABuster.
Despite being in its early stages, BOLABuster has exposed multiple vulnerabilities in open-source projects. Notably, we submitted 15 CVEs for a single project, leading to critical privilege escalation. Our latest disclosed vulnerability, CVE-2024-1313, was a BOLA vulnerability in Grafana, an open-source platform with over 20 million users. When benchmarked against other state-of-the-art fuzzing tools, BOLABuster sends less than 1% of the API requests to detect a BOLA.
In this talk, we'll share the methodology and lessons from our research. Join us to learn about our AI journey and explore a novel approach to vulnerability research.