YoVDO

A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Programming Languages Courses Cybersecurity Courses Python Courses Java Courses Javascript Courses Ruby Courses PHP Courses Perl Courses Server-Side Request Forgery (SSRF) Courses

Course Description

Overview

Explore a groundbreaking exploit technique that unveils a new attack surface for bypassing Server Side Request Forgery (SSRF) protections in this 47-minute Black Hat conference talk. Discover how the inconsistency between URL parsers and URL requesters creates vulnerabilities in popular programming languages such as Python, PHP, Perl, Ruby, Java, JavaScript, Wget, and cURL. Learn about the fuzzing tool used to uncover multiple zero-day vulnerabilities in built-in libraries of these widely-used languages. Gain insights into this general attack approach presented by Orange Tsai, which has significant implications for web security and application development.

Syllabus

A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!


Taught by

Black Hat

Related Courses

Programming Languages
University of Virginia via Udacity Building a Basic Website
University of Massachusetts Amherst via Independent iDESWEB, Introducción al desarrollo web
Miríadax Web Engineering II: Developing Mobile HTML5 Apps
Technische Hochschule Mittelhessen via iversity Web Application Architectures
University of New Mexico via Coursera