Explore advanced techniques for detecting server-side prototype pollution without causing denial of service or requiring source code access in this keynote presentation. Dive into multiple innovative methods for identifying SSPP vulnerabilities through blackbox testing, including strategies to determine the JavaScript engine used by target sites. Learn about the pros and cons of each detection technique, and gain hands-on experience with an open-source Burp Suite extension designed specifically for SSPP detection. Conclude with essential defensive measures, key takeaways, and a Q&A session to deepen your understanding of this critical web security topic.
Overview
Syllabus
Keynote | Server Side Prototype Pollution: Blackbox Detection Without The DoS by Gareth Heyes
Taught by
nullcon