Building AppSec Tools for AI Agents | Live Hacking Demo
Автор: Dropzone AI
Загружено: 2025-05-08
Просмотров: 10
Speaking at Security Frontiers 2025, Josh Larsen, Co-founder and CTO at Ghost Security, demonstrates Reaper, an open-source web proxy built specifically for AI agent interaction, solving modern AppSec testing challenges.
This 12-minute presentation tackles the fundamental problems with dynamic application security testing - limited code coverage, false positives, authentication struggles, and lack of context. See how designing tools for AI agents from the outset creates powerful leverage for modern app security testing.
Live Demo Highlights:
[02:00] Modern app security testing challenges vs. legacy tools
[04:00] Why traditional tools like Burp Suite struggle with AI integration
[06:00] Live demo: Reaper intercepting web proxy in action
[07:30] AI agent autonomously discovering vulnerable banking app endpoints
[09:00] Automated fuzzing without human intervention
[10:30] MCP standard adoption and API-first tool design principles
[11:30] Results: AI agents providing comprehensive coverage at scale
Technical Innovation:
Josh shows how Reaper was built in October 2024 - a month before Anthropic's MCP standard - with the expectation that AI agents would interact directly with its APIs. Watch the agent autonomously map attack surfaces, identify target endpoints, and launch fuzzing attacks while learning and adapting its approach.
Key Problem Solved:
Traditional dynamic application security testing is slow, resource-intensive, and struggles with modern authentication schemes. By building tools that expose APIs for AI agent interaction, security teams can achieve much greater coverage and reduce manual tedium in vulnerability assessment.
Perfect Demonstration:
Live vulnerable banking app testing shows the AI agent working through endpoint discovery, parameter identification, and automated attack execution - all without human guidance beyond initial target specification.
Perfect for:
Application security engineers, penetration testers, DevSecOps teams, and anyone building AI-integrated security tooling for modern cloud-native applications.
#SecurityFrontiers #AppSec #AIAgents #PenetrationTesting #WebSecurity #SecurityAutomation #VulnerabilityAssessment #SecurityTooling #LiveDemo
Доступные форматы для скачивания:
Скачать видео mp4
-
Информация по загрузке:
