Hunting Evasive Vulnerabilities - Finding Flaws That Others Miss

Explore advanced techniques for uncovering elusive vulnerabilities in web security with this 40-minute conference talk by James Kettle, Director of Research at PortSwigger. Delve into a decade of web security research, examining factors that conceal both individual bugs and entire attack classes. Learn specific methods and broad principles for identifying overlooked flaws, understand what approaches are ineffective, and gain insights into lazy yet effective techniques. Discover the importance of continuous security and how to avoid leaving vulnerabilities for others to find. Suitable for anyone interested in finding or understanding vulnerabilities, this talk covers topics such as attention traps, visible defenses, overcoming fear, implausible ideas, invisible chain-links, missing fingerprints, attack surface overload, and curiosity-powered hacking.