Cache Me If You Can - Messing with Web Caching
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore web caching vulnerabilities and attacks in this 45-minute conference talk from AppSecCali 2019. Delve into the world of creative application security exploits, focusing on Web Cache Deception, Edge Side Include Injections, and Web Cache Poisoning. Learn how these attacks target caching mechanisms to extract sensitive information and compromise web applications. Discover the conditions necessary for successful attacks, their potential impact, and practical detection methods. Gain insights into effective mitigation strategies to protect your web caching solutions. Benefit from the expertise of Louis Dion-Marcil, an Information Security Analyst specializing in offensive application security and penetration testing, as he provides a comprehensive overview of caching attacks in both modern and legacy web applications.
Syllabus
Intro
Web Cache Deception Impact
Web Cache Deception Conditions (Django)
Web Cache Deception Mitigation
Web Cache Deception Detection
Edge Side Includes (ESI) - Includes
Edge Side Includes (ESI) - Variables
Edge Side Includes (ESI) Injection
Edge Side Includes (ESI) Oracle Web Cache
Edge Side Includes (ESI) Detection
Edge Side Includes (ESI) Mitigation
Web Cache Poisoning - Poison Safety!
Web Cache Poisoning Detection
Taught by
OWASP Foundation