[Owasp-malta] OWASP Malta - Wednesday 19th 18:30 December 2018

Rodrigo Marcos rodrigo.marcos at owasp.org
Thu Dec 13 17:34:33 UTC 2018


Hi everyone,

On Wednesday (19th) we well hold the last OWASP meeting of 2018!

See below the details.

*Date / Time*

  * Date: Wednesday 19th December 2018
  * Time: 18:30


*Place*

Malta Information Technology Agency

MITA Data Centre, Triq Il - Ferrovija, Santa Venera

Map: https://goo.gl/maps/bspHHkT5xkz

*
*

*Speaker*:  Aleksei /"GreenDog"/ Tiurin (Senior Security Researcher at
Acunetix)

*Title: *Reverse proxies & Inconsistency (from ZeroNights 2018)

*Abstract*

/Modern websites are growing more complex with different reverse proxies
and load balancers covering them. They are used for various purposes:
request routing, caching, putting additional headers, restricting
access. In other words, reverse proxies must both parse incoming
requests and modify them in a particular way. However, path parsing may
turn out to be quite a challenge due to mismatches in the parsing of
different web servers. Moreover, request converting may imply a wide
range of different consequences from a information security point of
view. I have analyzed different reverse proxies with different
configurations, the ways they parse requests, apply rules, and perform
caching. In this talk, I will both speak about general processes and the
intricacies of proxy operation and demonstrate the examples of bypassing
restrictions, expanding access to a web application, and new attacks
through the web cache deception and cache poisoning./


Looking forward to seeing you there!

Rod

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-malta/attachments/20181213/f08e8eba/attachment.html>


More information about the Owasp-malta mailing list