Web Cache Entanglement - Novel Pathways to Poisoning
Offered By: Black Hat via YouTube
Course Description
Overview
Syllabus
Intro
Unanswered questions in cache poisoning
Outline
Recap: cache poisoning concept
Recap: Practical Web Cache Poisoning (2018) Keyed GET /research?x=1 HTTP/1.1
Methodology
Unkeyed port
Unkeyed query detection
Unkeyed query effect Hides obvious XSS from pentesters & bug bounty hunters
Redirect Dos gadget
Cache parameter cloaking: Akamai?
Parameter cloaking: Rack::Cache?
Parameter cloaking: Ruby on Rails
Dynamic resource gadget
Unkeyed method
Local redirect gadget
Cache key normalisation
Normalisation gadgets - XSS
Cache key injection - Akamai
Cache key injection - Cloudflare? Select Prote Cloudflare documentation
Application Cache Poisoning - Adobe
Blind Internal Cache Poisoning - DoD
Recognising internal cache poisoning
Param Miner
Further Reading
Taught by
Black Hat
Related Courses
Software as a ServiceUniversity of California, Berkeley via Coursera Intro to Computer Science
University of Virginia via Udacity Web Development
Udacity Software Engineering for SaaS
University of California, Berkeley via Coursera CS50's Introduction to Computer Science
Harvard University via edX