Realtime Communications, Realtime Risks

Explore the security implications of WebSocket technology in this 30-minute conference talk from the 44CON Information Security Conference. Delve into the threat landscape of the WebSocket protocol, uncovering why it's an often overlooked attack vector harboring traditional vulnerabilities. Learn about the WebSocket protocol and its attack surface, then examine research findings from over 50 enterprise and Open Source applications, revealing vulnerabilities leading to data leaks, account takeovers, and Remote Code Execution. Address the challenges of evaluating WebSocket security and the limitations of current tools. Discover "SocketSleuth," a new Burp Suite Extension that enhances Burp's WebSocket capabilities, aligning them more closely with regular HTTP request features. See how SocketSleuth can improve penetration testing workflows and uncover hidden bugs in real-time communications.

Elliot Ward - Realtime Communications, Realtime Risks