Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

The Voight-Kampff Test for Discovering Web Application Vulnerabilities

Security BSides San Francisco via YouTube

Overview

Explore the intricacies of distinguishing between human-discovered and machine-detected web application vulnerabilities in this 25-minute conference talk from BSidesSF 2020. Delve into Vanessa Sauter's presentation, which draws inspiration from the Voight-Kampff test to create a filtering system for vulnerability discoveries. Learn about the importance of identifying discovery methods, the strengths of automated scanners, and the unique value of human expertise in cybersecurity. Examine case studies, including insights from Uber's bug bounty program, and understand the nuances of various vulnerability types such as weak workflow enforcement, race conditions, and chained exploits. Engage in a thought-provoking debate on the roles of humans and machines in the ever-evolving landscape of web application security.

Syllabus

Intro
Vanessa Sauter
Travis McCormack
Why does method matter
Web Apps
About the Research
Web App Vulnerabilities
Machine Wins
Manual Setup
Vulnerabilities
Uber Bug Bounty
Why write weak enforcement of workflows
CashMoney example
Race conditions
Chain exploits
Humans and Machines
Case Study
Debate

Taught by

Security BSides San Francisco

Reviews

Start your review of The Voight-Kampff Test for Discovering Web Application Vulnerabilities

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.