[Owasp-malta] OWASP Malta - Wednesday 19th 18:30 December 2018
rodrigo.marcos at owasp.org
Thu Dec 13 17:34:33 UTC 2018
On Wednesday (19th) we well hold the last OWASP meeting of 2018!
See below the details.
*Date / Time*
* Date: Wednesday 19th December 2018
* Time: 18:30
Malta Information Technology Agency
MITA Data Centre, Triq Il - Ferrovija, Santa Venera
*Speaker*: Aleksei /"GreenDog"/ Tiurin (Senior Security Researcher at
*Title: *Reverse proxies & Inconsistency (from ZeroNights 2018)
/Modern websites are growing more complex with different reverse proxies
and load balancers covering them. They are used for various purposes:
request routing, caching, putting additional headers, restricting
access. In other words, reverse proxies must both parse incoming
requests and modify them in a particular way. However, path parsing may
turn out to be quite a challenge due to mismatches in the parsing of
different web servers. Moreover, request converting may imply a wide
range of different consequences from a information security point of
view. I have analyzed different reverse proxies with different
configurations, the ways they parse requests, apply rules, and perform
caching. In this talk, I will both speak about general processes and the
intricacies of proxy operation and demonstrate the examples of bypassing
restrictions, expanding access to a web application, and new attacks
through the web cache deception and cache poisoning./
Looking forward to seeing you there!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-malta