Web Cache Deception Attack

21,934 views

Black Hat

A day ago

Comments: 21
@ysantamorena5150 (7 years ago)
Nice talk. The moral is the same as Spectre: too much push on performance without caring about security.

@MherZaqaryann (1 year ago)
Very clear explanation, respect to this guy!

@SuperMarkusparkus (6 years ago)
Sometimes adding a semicolon with some junk thereafter will not change the way the web server interprets the URL. This is common in Tomcat. webserver/path/to/page and webserver/path;junk/to;.junk/page;.css will be treated the same. I guess this could be used as a way to change the extension of the URL and hence make some things cacheable.
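The path-parameter behaviour described in the comment above is exactly what a cache-side admission rule has to account for. The following is an added example (not code from the talk or from any project mentioned here) of a defender-side check: it resolves `;` path parameters the way a servlet container such as Tomcat does, then refuses to store a response unless the URL extension, the origin-resolved path and the response Content-Type all agree that the object is a static asset. The extension and content-type allow-lists and the sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumed cache rule: only these extensions are ever considered static.
STATIC_EXTENSIONS = {"css", "js", "png", "jpg", "gif", "ico", "woff2"}
# Assumed: the media types a static asset is allowed to come back with.
STATIC_TYPES = {"text/css", "application/javascript", "image/png",
                "image/jpeg", "image/gif", "image/x-icon", "font/woff2"}


def strip_path_params(path: str) -> str:
    """Resolve the path the way a servlet container does: everything after
    ';' in each segment is a path parameter and is dropped."""
    return "/".join(seg.split(";", 1)[0] for seg in path.split("/"))


def url_extension(path: str) -> str:
    """The extension a naive cache rule keys on: text after the last '.'
    of the last path segment, or '' if there is none."""
    last = path.rsplit("/", 1)[-1]
    return last.rsplit(".", 1)[1].lower() if "." in last else ""


def should_cache(url: str, status: int, headers: dict) -> tuple[bool, str]:
    """Return (cacheable, reason). Store only when the URL, the origin's view
    of the path and the response itself all say 'static asset'."""
    path = urlsplit(url).path
    h = {k.lower(): v for k, v in headers.items()}
    if status != 200:
        return False, "non-200 response"
    cc = h.get("cache-control", "").lower()
    if "private" in cc or "no-store" in cc or "set-cookie" in h:
        return False, "origin marked response private/no-store or set a cookie"
    ext = url_extension(path)
    if ext not in STATIC_EXTENSIONS:
        return False, f"extension {ext!r} not in static allow-list"
    # The semicolon trick: the cache sees '.css', the origin serves '/page'.
    if url_extension(strip_path_params(path)) != ext:
        return False, "path parameters change the origin-resolved extension"
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    if ctype not in STATIC_TYPES:
        return False, f"content-type {ctype!r} is not a static asset type"
    return True, "static asset"


if __name__ == "__main__":
    # Constructed request: semicolon path parameters disguise a dynamic page as CSS.
    print(should_cache("https://app.example/path;junk/to;.junk/page;.css",
                       200, {"Content-Type": "text/html"}))
```

The Content-Type check also catches the plain trailing-path variant (`/account/settings/anything.css` answered with HTML), which the path-parameter check alone would miss.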
@derek5863 (7 years ago)
Some penetration tools used to perform automated assessments of vulnerable sites must be adding a lot of data to these caches. Particularly authenticated fuzzing or file/directory brute-force. Let's hope tool developers don't use known file names and locations, and customers always sanitise their test DBs. 8-(

@hackersguild8445 (6 years ago)
Awesome talk. :)

@MrM4X0N3 (6 years ago)
Good talk!

@HackingwiththeMiddle (7 years ago)
Awesome!

@thesenuts4472 (6 years ago)
Applaud this man.

@director1111 (7 years ago)
Why are you guys putting it online 6 months later?

@SuperMarkusparkus (7 years ago)
What do you mean?

@mleczkoxdTakTenmleczko (3 years ago)
Using the name Java wasn't a good idea because it's a little bit confusing.

@BR-lx7py (7 years ago)
IMO you are not mentioning the only real solution: serve your cacheable and personalized/non-cacheable content on different domains. Use a very simple CDN configuration for the latter that does not cache anything, or no CDN at all if your origin can handle that. Otherwise you are only one mistake away from some major egg on your face. It is way too easy to make a configuration error in the CDN, or have the origin send the wrong headers by mistake.

@TheDarkHorseUprising (7 years ago)
Love this talk, so badass.

@PitchBlackHat (7 years ago)
Not as badass as your avatar! ;)...

@jasonlind3065 (5 years ago)
Haha, I did this to cheat on my ochem online homework when I forgot to do it and it was about to be due. Still got a B tho.

@rlsn-kali (13 days ago)
I'm on this bug right now.

6 years ago
Wait, this is a new thing?

@amandamate9117 (7 years ago)
Ernst and fucken Young

@shubham_srt (11 months ago)
ayoooo

@shubham_srt (11 months ago)
I am late af

@RamonaBonam-k8o (4 months ago)
Lang Isle