Edge Side Include Injection - Abusing Caching Servers into SSRF and Transparent Session Hijacking
Offered By: Black Hat via YouTube
Course Description
Overview
Explore the security implications of Edge Side Includes (ESI) in this 22-minute Black Hat conference talk. Delve into how this legacy technology, still prevalent in popular HTTP surrogates, can be exploited for web-based attacks. Learn about the potential vulnerabilities in caching servers and load balancers that have become crucial to Internet infrastructure. Discover how ESI's design can be leveraged for Server-Side Request Forgery (SSRF) and transparent session hijacking. Gain insights from speaker Louis Dion-Marcil on this unexplored attack vector and its impact on web security.
Syllabus
Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking
Taught by
Black Hat
Related Courses
Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security ChipBlack Hat via YouTube Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube