IOActive Senior Information Security Consultant Mohamed Samy will give a talk, ‘Fuzzmania – API Fuzzing with GenAI,’ at this year’s Los Angeles 2025 API Security Summit with Wallarm at Topgolf w/ OWASP LA, taking place July 30. That abstract of the talk can be found below!
ABSTRACT
APIs are the backbone of modern software development, but they also introduce new attack surfaces. Traditional manual testing methods can be time-consuming and inefficient, making it difficult to identify vulnerabilities in complex APIs.
In this session, we’ll introduce “Fuzzmania”, a novel tool and approach that leverages Large Language Models (LLMs) to fuzz web APIs in a semi-automated way. By combining the power of LLMs with automated testing, Fuzzmania enables users to identify vulnerabilities in their API with unprecedented efficiency.
I’ll demonstrate how Fuzzmania works, showcasing its key features and benefits:
1. The potential of using LLMs for API testing.
2. How Fuzzmania streamlines the fuzzing process, reducing time and effort required for traditional manual testing methods.
3. Notable success stories and case studies where Fuzzmania helped identify API vulnerabilities.