Cache Me If You Can - Messing with Web Caching

OWASP Foundation via YouTube

Overview

Explore web caching vulnerabilities and attacks in this 45-minute conference talk from AppSecCali 2019. Delve into the world of creative application security exploits, focusing on Web Cache Deception, Edge Side Include Injections, and Web Cache Poisoning. Learn how these attacks target caching mechanisms to extract sensitive information and compromise web applications. Discover the conditions necessary for successful attacks, their potential impact, and practical detection methods. Gain insights into effective mitigation strategies to protect your web caching solutions. Benefit from the expertise of Louis Dion-Marcil, an Information Security Analyst specializing in offensive application security and penetration testing, as he provides a comprehensive overview of caching attacks in both modern and legacy web applications.

Syllabus

Intro
Web Cache Deception Impact
Web Cache Deception Conditions (Django)
Web Cache Deception Mitigation
Web Cache Deception Detection
Edge Side Includes (ESI) - Includes
Edge Side Includes (ESI) - Variables
Edge Side Includes (ESI) Injection
Edge Side Includes (ESI) Oracle Web Cache
Edge Side Includes (ESI) Detection
Edge Side Includes (ESI) Mitigation
Web Cache Poisoning - Poison Safety!
Web Cache Poisoning Detection

Taught by

OWASP Foundation
