Ben Sadeghipour — Owning The Clout Through Server Side Request Forgery — DEF CON 27 Conference

Дата: 16.11.2019. Автор: CISO CLUB. Категории: Подкасты и видео по информационной безопасности

With how many apps are running in the cloud, hacking these instances becomes easier with a simple vulnerability due to an unsanitized user input. In this talk, we’ll discuss a number of different methods that helped us exfil data from different applications using Server-Side Request Forgery (SSRF). Using these methods, we were able to hack some of the major transportation, hospitality, and social media companies and make $50,000 in rewards in 3 months.

Ben Sadeghipour
Ben is the Hacker Operations Lead at HackerOne by day, and a hacker by night. He has helped identify and exploit over 500 security vulnerabilities across 100s of web and mobile applications for companies such as Yahoo, Airbnb, Snapchat, The US Department of Defense, Yelp, and more. He also invested time in the security community, by creating a community of 200+ active hackers who share ideas and their experiences. He has also held free workshops and trainings to teach others about security and web application hacking.

Twitter: @nahamsec
Website: nahamsec.com

Cody Brocious (Daeken)
Cody is the Head of Hacker Education at HackerOne where he dedicates his time to teaching hackers to be more effective and empowered. A reverse engineer and software developer with well over a decade of experience. Cody is also the lead instructor for Hacker101, a free course for web security.

Twitter: @daeken
Website: daeken.svbtle.com

CISO CLUB

Об авторе CISO CLUB

Редакция портала cisoclub.ru. Добавляйте ваш материал на сайт в разделе "Разместить публикацию".
Читать все записи автора CISO CLUB

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *