Overview
Learn about identifying and exploiting Denial of Service (DoS) vulnerabilities in bug bounty programs through this DEF CON 32 conference talk. Gain insights into various DoS attack types including N+1 errors, GraphQL crashing, and Cache Poisoning while examining real-world examples of their impacts. Master practical techniques for vulnerability discovery using automated scanning tools and manual testing methods. Explore how N+1 errors create redundant database queries that impact performance, discover methods to craft resource-intensive GraphQL queries that can crash servers, and understand cache poisoning techniques that disrupt service delivery. Study best practices for responsible vulnerability reporting to bug bounty programs, learn from common failures in the process, and understand the importance of staying current with emerging DoS attack vectors and mitigation strategies.
Syllabus
DEF CON 32 - Practical Exploitation of DoS in Bug Bounty - Roni Lupin Carta
Taught by
DEFCONConference