Web App Security: URLs, Uploads and Dragons
2019-10-09T12:00:00 2019-10-09T12:00:00 - 2019-10-09T12:45:00
Handling file uploads and processing URLs should be easy, right? Well, it turns out there are many things that can go wrong, in lots of different ways, and at many levels (e.g. an application, a framework, the web browser, a proxy server). We explore through example how assumptions and subtle mishandling of URLs and files can lead to various high-severity OWASP Top 10 vulnerabilities.
In this seminar we will build an understanding of these vulnerabilities that spares no detail whilst also being accessible at a non-technical level.
- Subtle dangers of the humble URL
- Why hackers gravitate towards File Upload features
- Exploitation of Server-side Request Forgery (SSRF) vulnerabilities
- How to avoid these dragons