Leveraging HTTP Request Smuggling for Authentication Bypass and Remote Code Execution

Hack In The Box Security Conference via YouTube

Overview

Explore a comprehensive conference talk from Hack In The Box Security Conference that delves into HTTP Request Smuggling (HRS) vulnerabilities and their critical impact on enterprise security. Learn about three significant HRS vulnerabilities discovered in F5 BIG-IP and Qlik Sense Enterprise systems that affected approximately 10% of Fortune 500 companies. Understand the evolution of HRS since its emergence in 2005, examining real-world scenarios beyond theoretical examples, including detailed analysis of CVE-2023-41265, CVE-2023-48365, and CVE-2023-46747. Master practical approaches to identifying HRS vulnerabilities in application architecture, particularly in systems where different components process HTTP requests and handle security models separately. Gain valuable insights into vulnerability assessment techniques and learn essential remediation strategies for protecting against request smuggling attacks. Presented by Adam Crosser, a staff security engineer specializing in offensive research and development at Praetorian, this 40-minute presentation offers crucial knowledge for security professionals seeking to enhance their understanding of modern web application vulnerabilities.

Syllabus

#HITB2024BKK D2 - Leveraging Request Smuggling For Authentication Bypass and Remote Code Execution

Taught by

Hack In The Box Security Conference
