2023-06-29, 16:30–16:40 (Europe/Oslo), Smolarz
Secure your SaaS platform with Nuclei, an open-source tool designed for a different purpose. Automate RBAC checks, catch authorization issues early in the CI and promote better collaboration between R&D and product teams. Join us for a lightning talk on using Nuclei to streamline RBAC testing and enhance SaaS security.
Role-based access control (RBAC) is crucial for securing SaaS platforms, especially in API-first environments, but checking every combination of role and permission can be challenging.
That's where Nuclei, an open-source tool designed for a different purpose, comes in.
Using Nuclei, I was able to automate RBAC checks with ease, and in this lightning talk, I'll demonstrate how you can do the same. I'll show you how to test complex roles and permissions matrices quickly, catch authorization issues early in CI, and strengthen your SaaS security.
Furthermore, this approach promotes better collaboration between R&D and product teams, enabling them to identify potential misunderstandings and streamline development.
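To make the approach the abstract describes concrete, here is an added example of a Nuclei template that encodes one row of a roles-and-permissions matrix; it is not material from the talk or from the Nuclei project. The endpoint path `/api/admin/users`, the role name "viewer" and the `viewer_token` variable are assumptions. The template follows Nuclei's own convention that a match is a finding: the requests are sent with a viewer-role token, and a match means the platform answered as if the viewer were authorized, which is exactly the authorization bug the CI job should fail on.

```yaml
# Added example (not from the talk). One row of a hypothetical RBAC matrix:
# the "viewer" role must be denied on admin-only user management.
# Assumed: endpoint path, role name, and a viewer_token passed at run time.
id: rbac-viewer-admin-users

info:
  name: Viewer role reaches admin-only user management
  author: rbac-matrix-example
  severity: high
  description: |
    Sends admin-only requests with a viewer-role bearer token. A match means
    the viewer was served as an administrator, i.e. an authorization bug.
    Expected behaviour is a 401/403, which produces no match.
  tags: rbac,authz,ci

# The token is supplied from a CI secret rather than stored in the template:
#   nuclei -t rbac-viewer-admin-users.yaml \
#          -u https://staging.example.invalid \
#          -var viewer_token="$VIEWER_TOKEN" -jsonl -o findings.jsonl
http:
  # Read side of the matrix row: viewer must not list users.
  - method: GET
    path:
      - "{{BaseURL}}/api/admin/users"
    headers:
      Authorization: "Bearer {{viewer_token}}"
    matchers:
      - type: status
        status:
          - 200

  # Write side of the matrix row: viewer must not create users.
  # Run against a staging tenant; any record this creates is itself the bug.
  - method: POST
    path:
      - "{{BaseURL}}/api/admin/users"
    headers:
      Authorization: "Bearer {{viewer_token}}"
      Content-Type: application/json
    body: '{"email":"rbac-probe@example.invalid","role":"viewer"}'
    matchers:
      - type: status
        status:
          - 200
          - 201
```

Each additional role/endpoint pair in the matrix becomes another request block or another template, so product and R&D teams can review the expected-deny list as plain YAML next to the API definition. In the CI step, treat a non-empty `findings.jsonl` as a failed build (for example `test ! -s findings.jsonl`), since Nuclei reports every match there regardless of its own exit status.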
Rotem Reiss is a product security group manager at Playtika, a bug hunter, and a code addict who has contributed to many open-source projects such as OWASP, Metasploit, and Grafana.
His shift from the software development and DevOps world to AppSec was greatly influenced by his security research “Uncovering Drupalgeddon 2”. Since then, he has been credited with disclosing CVEs in well-known products such as Elasticsearch and Grafana.
Continuing his belief that organizations should be defended with an attacker's mindset, he co-organized the first Israeli bug bounty community meetups.