Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Backslash Powered Scanning - Implementing Human Intuition

NorthSec via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore advanced web scanning techniques in this 37-minute NorthSec conference talk by James Kettle. Dive into the development and implementation of an open-source scanner that uses a novel approach to detect both known and unknown injection vulnerabilities. Learn how this scanner leverages human intuition to overcome limitations of traditional scanners, offering benefits such as WAF evasion, minimal network footprint, and adaptability to input filtering. Discover key insights from the scanner's conception, development, and deployment on thousands of websites. Uncover advanced techniques for escalating vulnerabilities like HPP and JSON injection to RCE. Gain practical knowledge on interpreting complex findings and maximizing the scanner's effectiveness in your security testing. Walk through topics including scanner limitations, harnessing intuition, vulnerability detection, false positives, code injection, HTTP parameter pollution, and brute-force attacks.

Syllabus

Introduction
The Problem
Agenda
About me
Scanners are bad at obscurity
Scanners are limited to specific languages
The million payload problem
Harnessing Intuition
Demo
Questions
What does work
Simple example
Random content
Scanning
Distribute Damage
Vulnerability
Partial Issues
Red X Injection
False Positives
Code Injection
destined to remain a mystery
HTTP parameter pollution
Identify backend parameters
Bruteforce attacks
enumerable parameters
Github pull
Summary

Taught by

NorthSec

Reviews

Start your review of Backslash Powered Scanning - Implementing Human Intuition

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.