Traverse the graphs to find vulnerabilities

Open danielonsecurity opened this issue 3 years ago • 0 comments

Similar to "Modeling and Discovering Vulnerabilities with Code Property Graphs", it should be possible to traverse graphs to identify vulnerabilities in authentication systems. The linked paper is about finding Linux kernel vulnerabilities having the source code available. When testing authentication, we usually don't have the source code, so the graph is instead built using raider Flow objects, each with its own inputs, outputs, and a way to conditionally decide what the next stage is. At the moment of writing this, the graph architecture still isn't fully implemented, so it's not yet possible to start experimenting with this. I wrote this ticket to keep track of the research done towards this goal, and to have a place to discuss the progress towards it.

danielonsecurity, Oct 08 '22 13:10