Backslash Powered Scanning - Implementing Human Intuition

Offered By: NorthSec via YouTube

Course Description

Overview

Explore advanced web scanning techniques in this 37-minute NorthSec conference talk by James Kettle. Dive into the development and implementation of an open-source scanner that uses a novel approach to detect both known and unknown injection vulnerabilities. Learn how this scanner leverages human intuition to overcome limitations of traditional scanners, offering benefits such as WAF evasion, minimal network footprint, and adaptability to input filtering. Discover key insights from the scanner's conception, development, and deployment on thousands of websites. Uncover advanced techniques for escalating vulnerabilities like HPP and JSON injection to RCE. Gain practical knowledge on interpreting complex findings and maximizing the scanner's effectiveness in your security testing. Walk through topics including scanner limitations, harnessing intuition, vulnerability detection, false positives, code injection, HTTP parameter pollution, and brute-force attacks.

Syllabus

Introduction
The Problem
Agenda
About me
Scanners are bad at obscurity
Scanners are limited to specific languages
The million payload problem
Harnessing Intuition
Demo
Questions
What does work
Simple example
Random content
Scanning
Distribute Damage
Vulnerability
Partial Issues
Red X Injection
False Positives
Code Injection
Destined to remain a mystery
HTTP parameter pollution
Identify backend parameters
Bruteforce attacks
Enumerable parameters
GitHub pull
Summary


Taught by

NorthSec
