Hunting Evasive Vulnerabilities - Finding Flaws That Others Miss
Offered By: nullcon via YouTube
Course Description
Overview
Explore advanced techniques for uncovering elusive vulnerabilities in web security with this 40-minute conference talk by James Kettle, Director of Research at PortSwigger. Delve into a decade of web security research, examining factors that conceal both individual bugs and entire attack classes. Learn specific methods and broad principles for identifying overlooked flaws, understand what approaches are ineffective, and gain insights into lazy yet effective techniques. Discover the importance of continuous security and how to avoid leaving vulnerabilities for others to find. Suitable for anyone interested in finding or understanding vulnerabilities, this talk covers topics such as attention traps, visible defenses, overcoming fear, implausible ideas, invisible chain-links, missing fingerprints, attack surface overload, and curiosity-powered hacking.
Syllabus
Introduction
Attention Trap
Outline
Background
Why join the hunt
The visible defence
The fear
The implausible idea
The invisible chain-link
The missing fingerprint
Pyramid of pain
Attack surface overload
Scan to learn: curiosity-powered hacking
Takeaways
Taught by
nullcon
Related Courses
Unearthing Malicious and Risky OpenSource Packages Using Packj
nullcon via YouTube
Pushing Security Left by Mutating Byte Code
nullcon via YouTube
The Faces of MacOS Malware - Detecting Anomalies in a Poisoned Apple
nullcon via YouTube
Contextomy - Let's Debug Together
nullcon via YouTube
Mind The Gap - The Linux Ecosystem Kernel Patch Gap
nullcon via YouTube