YoVDO

Hunting Asynchronous Vulnerabilities

Offered By: 44CON Information Security Conference via YouTube

Tags

44CON Courses Cybersecurity Courses Penetration Testing Courses Cross-Site Scripting (XSS) Courses SQL Injection Courses XML External Entity (XXE) Injection Courses

Course Description

Overview

Explore advanced techniques for uncovering hidden vulnerabilities in blackbox testing scenarios during this 33-minute conference talk from the 44CON Information Security Conference. Delve into the world of exploit-induced callbacks, a powerful method for detecting issues that may not present visible symptoms, such as blind second-order SQL injection and shell command injection via background processes. Learn how to extend callback techniques beyond basic examples to identify blind and asynchronous vulnerabilities across various technologies, including XXE, (DOM)XSS, SQL injection, SMTP, and XML injection. Examine a range of strategies for triggering application callbacks, from simple approaches to complex cross-technology exploit chains. Gain insights into managing the infrastructure required for automating the discovery of these elusive vulnerabilities, along with practical advice for implementing these techniques safely in production environments.

Syllabus

Hunting Asynchronous Vulnerabilities Presented By James Kettle


Taught by

44CON Information Security Conference

Related Courses

Secure Coding: Identifying and Mitigating XML External Entity (XXE) Vulnerabilities
Pluralsight Protecting Against XML External Entity and Deserialization Attacks in ASP.NET and ASP.NET Core
Pluralsight OWASP Top 10: #3 Sensitive Data Exposure and #4 External Entities (XXE)
LinkedIn Learning OWASP Top 10 - A4:2017 - XML External Entities
Cybrary Uncle Rat's XXE Handbook
Udemy