YoVDO

Edge Side Include Injection - Abusing Caching Servers into SSRF and Transparent Session Hijacking

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Server-Side Request Forgery (SSRF) Courses Web Security Courses

Course Description

Overview

Explore the security implications of Edge Side Includes (ESI) in this 22-minute Black Hat conference talk. Delve into how this legacy technology, still prevalent in popular HTTP surrogates, can be exploited for web-based attacks. Learn about the potential vulnerabilities in caching servers and load balancers that have become crucial to Internet infrastructure. Discover how ESI's design can be leveraged for Server-Side Request Forgery (SSRF) and transparent session hijacking. Gain insights from speaker Louis Dion-Marcil on this unexplored attack vector and its impact on web security.

Syllabus

Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking


Taught by

Black Hat

Related Courses

Internet History, Technology, and Security
University of Michigan via Coursera
Client-Server Communication
Google via Udacity
HTTP & Web Servers
Udacity
Network Security
Georgia Institute of Technology via Udacity
Web Security Fundamentals
KU Leuven University via edX