YoVDO

Hook, Line and Sinker - Pillaging API Webhooks

Offered By: Security BSides San Francisco via YouTube

Tags

Security BSides Courses Cybersecurity Courses Cloud Security Courses Webhooks Courses

Course Description

Overview

Dive into the world of API webhook security with this 33-minute conference talk from Security BSides San Francisco. Explore the concept of "Webhook Boomerang flaws" and learn how these unique attack vectors can be exploited to perform Server-Side Request Forgery (SSRF) against webhooks. Discover how these attacks can lead to cloud-credential compromise, even in the presence of security protections like Metadata Headers. Gain valuable insights into the vulnerabilities of modern web services and understand the potential risks associated with webhook implementations.

Syllabus

BSidesSF 2022 - Hook, Line and Sinker - Pillaging API Webhooks (Abhay Bhargav)


Taught by

Security BSides San Francisco

Related Courses

Early Detection through Deception
YouTube Hack for Show, Report for Dough - Brian King
YouTube Blue Teamin on a Budget of Zero - Kyle Bubp
YouTube Windows Event Logs - Zero to Hero
YouTube Weaponizing Splunk - Using Blue Team Tools for Evil
YouTube