Explore common NGINX misconfigurations that can leave web servers vulnerable to attacks in this 21-minute conference talk by Spencer Pearlman from the OWASP Foundation. Analyze findings from Detectify's Security Research team's examination of nearly 50,000 unique NGINX configuration files. Learn about critical issues such as missing root directives, off-by-slash errors, CRLF-injection via Suri, and proxy-pass via regex. Gain valuable insights through demonstrations and receive practical remediation tips to enhance the security of your web servers powered by NGINX, which currently runs one-third of all websites worldwide.
Overview
Syllabus
Intro
Missing root directive
Off-by-slash
CRLF-injection via Suri
proxy-pass via regex
Taught by
OWASP Foundation