Abstract:
--------------
Detecting server side prototype pollution legitimately is quite difficult because it involves changing the state of Object prototypes on the server and that can almost certainly cause DoS. I've created multiple techniques that allow you to detect SSPP without bringing the server to its knees and without needing the source code.
I'll talk about how you can detect server side prototype pollution and the pros and cons of each technique and show you how to detect the type of JavaScript engine being used on some sites all blackbox with specially crafted requests. Finally I'll share an open source Burp extension that will help you detect SSPP using Burp Suite and wrap up with defensive measures you can take, takeaways and leave 5 minutes for questions.
#Keynote #NullconBerlin2023 #Infosec #DoSattack #Conference
----------------------------------------------------------------------------------------
Follow nullcon on Facebook: / nullcon
Twitter: / nullcon
LinkedIn: / nullcon
Website: nullcon.net
Негізгі бет Nullcon Berlin 2023 | Server Side Prototype Pollution: Blackbox Detection Without The DoS by Gareth
Пікірлер: 2