Hunting Evasive Vulnerabilities - Finding Flaws That Others Miss

nullcon via YouTube

Overview

Explore advanced techniques for uncovering elusive vulnerabilities in web security with this 40-minute conference talk by James Kettle, Director of Research at PortSwigger. Delve into a decade of web security research, examining factors that conceal both individual bugs and entire attack classes. Learn specific methods and broad principles for identifying overlooked flaws, understand what approaches are ineffective, and gain insights into lazy yet effective techniques. Discover the importance of continuous security and how to avoid leaving vulnerabilities for others to find. Suitable for anyone interested in finding or understanding vulnerabilities, this talk covers topics such as attention traps, visible defenses, overcoming fear, implausible ideas, invisible chain-links, missing fingerprints, attack surface overload, and curiosity-powered hacking.

Syllabus

Introduction
Attention Trap
Outline
Background
Why join the hunt
The visible defence
The fear
The implausible idea
The invisible chain-link
The missing fingerprint
Pyramid of pain
Attack surface overload
Scan to learn: curiosity-powered hacking
Takeaways

Taught by

nullcon
