
Tushar Kulkarni, a graduate student in secure computing at the Luddy School of Informatics, Computing, and Engineering, presented his open-source tool at two major August conferences in Las Vegas -- Blackhat USA 2023 and Defcon.
Blackhat is an internationally recognized cybersecurity event series providing the most technical and relevant information security research. These multi-day events provide the security community with the latest cutting-edge research, developments, and trends. They bring together researchers and the open-source community to showcase their open-source tools and products.
Defcon is an annual hacker convention. It draws computer security professionals, security researchers, journalists, lawyers, government employees and others interested in software, computer architecture, hardware modification, conference badges and anything else that can be hacked.
Kulkarni’s vAPI tool is designed to improve application security, which is crucial in a world of ever-advancing technology. It teaches API security -- ensuring sensitive data is protected so that only authorized individuals can access it and protecting customer privacy -- in a gamified way, much like a Capture-the-Flag environment. It helps make learning easier and more enjoyable.
Specifically, vAPI is a Vulnerable Adversely Programmed Interface in a lab-like environment. It mimics the scenarios from the Open Web Application Security Project’s top-10 security risks and helps users understand and exploit vulnerabilities. It has exercises and challenges related to advanced topics in authorization and access control.
Kulkarni created the tool two years ago, and continues to upgrade it with new challenges and vulnerabilities, allowing users to continue to learn about exploiting vulnerabilities and even enabling them to make their own changes.
Kulkarni presented in the Arsenal lineup at Blackhat and the Appsec Village segment of Defcon. Villages are mini-conferences within the main conference that focus on the latest trends and techniques related to application security.