SucoshScanny

Presented at DEF CON 31 (2023), Aug. 11, 2023, 10 a.m. (115 minutes)

SucoshScan is a automated open source SAST(Static Application Security Testing) framework. It’s can detect a lot of vulnerability(RCE,SSTI,Insecure Deserilisation,SSRF,SQLI,CSRF etc.) in given source code.For now, only the detection modules of python(flask,django) and nodejs(express js.) languages are finished. In the future, specific detection functions will be written for php (Laravel, Codeigniter), .NET, Go languages.

Presenters:

• Tibet Öğünç
  Tibet Öğünç has been doing cyber security and application security research for 4 years and has discovered vulnerabilities in many web applications and helped organizations to protect themselves from attackers. As a developer in web coding languages such as Node Js., Python, Php Javascript, he works as a software developer and team leader for the development of many products.
• Mustafa Bilgici
  Mustafa Bilgici has been doing cyber security and application security research for 4 years. It conducted vulnerabilities in many applications and reported these vulnerabilities to companies. He also works as a cyber security researcher and developer in various cyber security companies.

Similar Presentations:

• REcon 2008 / Reverse Engineering Dynamic Languages, a Focus on Python
• Black Hat USA 2012 / libinjection: A C library for SQLi detection and generation through lexical analysis of real world attacks
• AppSec USA 2017 / How to detect CSRF vulnerability, reliably?