Smashing the State Machine - The True Potential of Web Race Conditions

nullcon via YouTube

Overview

Explore the untapped potential of web race condition attacks in this conference talk from Nullcon Goa. Delve into new classes of race conditions that go beyond traditional limit-overrun exploits, uncovering vulnerabilities in website state machines. Learn techniques to manipulate states and transitions, enabling the forging of trusted data, misrouting of tokens, and masking of backdoors. Discover a refined methodology for efficient testing, recognizing high-risk patterns, and identifying subtle clues. Gain insights into overcoming network jitter and creating reproducible attacks using precision tooling adapted from HTTP Desync Attack research. Understand how to tailor attacks to different HTTP versions and target architectures, exploiting protocol-level design decisions and server implementation quirks. Access free online labs to immediately apply newly acquired skills in web security testing.

Syllabus

Smashing The State Machine: The True Potential Of Web Race Conditions by James Kettle | Nullcon Goa

Taught by

nullcon
