Explore the security implications of Edge Side Includes (ESI) in this 22-minute Black Hat conference talk. Delve into how this legacy technology, still prevalent in popular HTTP surrogates, can be exploited for web-based attacks. Learn about the potential vulnerabilities in caching servers and load balancers that have become crucial to Internet infrastructure. Discover how ESI's design can be leveraged for Server-Side Request Forgery (SSRF) and transparent session hijacking. Gain insights from speaker Louis Dion-Marcil on this unexplored attack vector and its impact on web security.
Edge Side Include Injection - Abusing Caching Servers into SSRF and Transparent Session Hijacking
Overview
Syllabus
Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking
Taught by
Black Hat
Related Courses
-
OWASP Top 10 - A10:2021 - Server-Side Request Forgery (SSRF)
-
Cache Me If You Can - Messing with Web Caching
-
The 3 Way Bypass Surgery - Abusing Content Delivery Networks with Server Side Request Forgery - SSRF
-
What is Server-Side Request Forgery - SSRF?
-
Learn to Hack WebApps - SSRF (Server-Side Request Forgery)
-
Modern Web Vulnerabilities 2020
