Overview
Explore an innovative approach to web vulnerability scanning in this Black Hat conference talk. Delve into the development of a new scanning technique that goes beyond traditional methods of searching for server-side injection vulnerabilities. Learn how this alternative approach can identify and confirm both known and unknown classes of injection vulnerabilities. Discover the journey from conception to implementation, including topics such as PortSwigger, security through obscurity, performance issues, and the challenges of scanning 2000 sites. Gain insights into specific vulnerability types like PHP code injection and Regex injection, as well as strategies for handling false positives and intelligence gathering. Understand the limitations of existing scanners and how this new methodology aims to overcome them, potentially revolutionizing the field of web security testing.
Syllabus
Introduction
Background
Outline
PortSwigger
Security through obscurity
Security through well-known languages
Scanners can't do that
What we need
Payload
Baseline
Response analysis
Performance issues
Random content
Cosmetic changes
Running the scanner on 2000 sites
Distributing damage
Scanning results
PHP code injection
Regex injection
False positives
Intelligence
ResearchGrade
Teslas
Input Enumeration
Taught by
Black Hat