Timing Attacks Against Web Applications: Are They Still Practical? - DefCamp - 2018

Explore the practical implications of timing attacks against web applications in this DefCamp 2018 conference talk. Delve into the fundamentals of timing attacks, including prerequisites and calculation methods for Round Trip Time (RTT) and server response time. Examine the role of spikes in these attacks and learn how to identify potential targets. Investigate techniques for timing different functions and discover essential attack resources. Understand how to reduce the search space and the potential consequences of successful timing attacks. Conclude by discussing possible solutions to mitigate these security vulnerabilities. Gain valuable insights into this critical aspect of web application security from industry experts at one of Central and Eastern Europe's premier hacking and information security conferences.

Intro
What is a timing attack?
Prerequisite
Calculating the RTT
Calculating server response time
What else? Spikes.
The target? More specifically
Timing different functions
Attack resources
Reducing the search space
What can the consequences be?
Solution to timing attacks?