Explore Unicode vulnerabilities and their impact on modern applications in this 42-minute conference talk from NorthSec 2020. Delve into the security implications of encoding conversion, normalization, and character transformation. Learn about the HostSplit and HostBond attacks, which exploit minor character conversions to trigger open redirects and Server-Side Request Forgery (SSRF). Discover how uppercase and lowercase transformations can introduce vulnerabilities and how encoding can be used to bypass security controls like Web Application Firewalls. Examine the risks associated with Punycode representation in domain names and its potential for visual confusion. Gain a comprehensive understanding of Unicode-related security concerns, including patched issues and ongoing risks. Benefit from the expertise of Philippe Arteau, a security researcher at GoSecure, as he shares his insights on Web application security, static analysis tools, and proxy tool plugins.