Overview
Dive into the world of API webhook security with this 33-minute conference talk from Security BSides San Francisco. Explore the concept of "Webhook Boomerang flaws" and learn how these unique attack vectors can be exploited to perform Server-Side Request Forgery (SSRF) against webhooks. Discover how these attacks can lead to cloud-credential compromise, even in the presence of security protections like Metadata Headers. Gain valuable insights into the vulnerabilities of modern web services and understand the potential risks associated with webhook implementations.
Syllabus
BSidesSF 2022 - Hook, Line and Sinker - Pillaging API Webhooks (Abhay Bhargav)
Taught by
Security BSides San Francisco