Cache Me If You Can - Messing with Web Caching
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore web caching vulnerabilities and attacks in this 45-minute conference talk from AppSecCali 2019. Delve into the world of creative application security exploits, focusing on Web Cache Deception, Edge Side Include Injections, and Web Cache Poisoning. Learn how these attacks target caching mechanisms to extract sensitive information and compromise web applications. Discover the conditions necessary for successful attacks, their potential impact, and practical detection methods. Gain insights into effective mitigation strategies to protect your web caching solutions. Benefit from the expertise of Louis Dion-Marcil, an Information Security Analyst specializing in offensive application security and penetration testing, as he provides a comprehensive overview of caching attacks in both modern and legacy web applications.
Syllabus
Intro
Web Cache Deception Impact
Web Cache Deception Conditions (Django)
Web Cache Deception Mitigation
Web Cache Deception Detection
Edge Side Includes (ESI) - Includes
Edge Side Includes (ESI) - Variables
Edge Side Includes (ESI) Injection
Edge Side Includes (ESI) Oracle Web Cache
Edge Side Includes (ESI) Detection
Edge Side Includes (ESI) Mitigation
Web Cache Poisoning - Poison Safety!
Web Cache Poisoning Detection
Taught by
OWASP Foundation