YoVDO

FIESTA - An HTTPS Side-Channel Party

Offered By: OWASP Foundation via YouTube

Tags

Conference Talks Courses Cybersecurity Courses Bug Bounty Courses Web Security Courses Side Channel Attacks Courses Vulnerability Testing Courses

Course Description

Overview

Explore FIESTA, a new tool for testing HTTPS side-channel vulnerabilities, in this 42-minute conference talk from OWASP AppSec EU 2018. Delve into the world of TLS traffic exploitation and learn about past attacks like CRIME, BREACH, and TIME. Discover a previously unused side-channel affecting major internet companies. Examine the tool's configuration, fake web setup, and image loading techniques. Investigate real-world examples involving Google and Facebook, and discuss bug bounty implications. Gain insights into JavaScript-based countermeasures and understand the broader implications for online security.

Syllabus

Intro
Pizza delivery example
Traffic
Compression
Search language
Exploit
Double narrative
FIESTA
Configuration file
Fake web
HTTP
Image loading
Image loading test
The trick
Example
Bounty hunters
Google
Facebook
Bug bounties
Hiding window
JavaScript
Conclusion


Taught by

OWASP Foundation

Related Courses

Building Geospatial Apps on Postgres, PostGIS, & Citus at Large Scale
Microsoft via YouTube Unlocking the Power of ML for Your JavaScript Applications with TensorFlow.js
TensorFlow via YouTube Managing the Reactive World with RxJava - Jake Wharton
ChariotSolutions via YouTube What's New in Grails 2.0
ChariotSolutions via YouTube Performance Analysis of Apache Spark and Presto in Cloud Environments
Databricks via YouTube