YoVDO

A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Programming Languages Courses Cybersecurity Courses Python Courses Java Courses Javascript Courses Ruby Courses PHP Courses Perl Courses Server-Side Request Forgery (SSRF) Courses

Course Description

Overview

Explore a groundbreaking exploit technique that unveils a new attack surface for bypassing Server Side Request Forgery (SSRF) protections in this 47-minute Black Hat conference talk. Discover how the inconsistency between URL parsers and URL requesters creates vulnerabilities in popular programming languages such as Python, PHP, Perl, Ruby, Java, JavaScript, Wget, and cURL. Learn about the fuzzing tool used to uncover multiple zero-day vulnerabilities in built-in libraries of these widely-used languages. Gain insights into this general attack approach presented by Orange Tsai, which has significant implications for web security and application development.

Syllabus

A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!


Taught by

Black Hat

Related Courses

Algorithms, Part I
Princeton University via Coursera Introduction à la programmation orientée objet (en Java)
École Polytechnique Fédérale de Lausanne via Coursera MongoDB for Java Developers
MongoDB University Initiation à la programmation (en Java)
École Polytechnique Fédérale de Lausanne via Coursera Intro to Java Programming
San Jose State University via Udacity