AppSec Israel 2016 has ended
Monday, September 19 • 10:05 - 10:50
The Unwanted Sons - Formalizing and Demonstrating WAF Bypass Methods for the REST of the Top 10


Application-level protection mechanisms, once uncommon, are EVERYWHERE these days, and sooner or later you will have to face them.
Web Application Firewalls (WAFs) and Intrusion Detection Systems (IDS), filters and RASP modules are all common, widespread countermeasures you have to face on a regular basis, with the power to turn a typical assessment into a nightmare and to make automated tools practically useless.
While the attack vectors themselves are well covered in CWE, CAPEC, TECAPI RvR, WASC, the OWASP Top 10 and the OWASP Testing Guide, all you have to cover evasion techniques is a couple of cheat sheets focused on a limited set of attacks.
Sure, there are numerous XSS and SQL Injection evasion cheat sheets, but what about Path Traversal, Remote File Inclusion and OS Command Injection? What about Forced Browsing? What about the other attacks?
Formalizing evasion techniques and methods for the REST of the common attack vectors makes a LOT of sense, for manual pen-testing and automated tools alike - and THIS talk is phase one, aimed at covering the rest of the unattended Top 10.
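To make the abstract's point concrete for one of the "unattended" vectors, here is an illustration added to this page (it is not the speaker's code or material from the talk): a naive path-traversal signature of the kind found in hand-written filters, next to a check that canonicalizes the request path before deciding. The filter, the canonicalizer and every request path below are constructed for this example; the table it prints shows which encoding variants slip past the signature and why a normalize-then-decide rule is the better basis for a formal evasion catalogue.

```python
"""
Illustration added to this page (not the speaker's code): a naive
path-traversal signature versus a check that canonicalizes the path first.
Every request path below is constructed for the example.
"""
from urllib.parse import unquote


def naive_traversal_filter(path: str) -> bool:
    """Signature-style check: block if the literal traversal token appears.
    This is the kind of rule that encoding variants slip past."""
    return "../" in path or "..\\" in path


def canonicalize(path: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable (catches double encoding), then fold
    backslashes to forward slashes so Windows-style separators and mixed
    encodings compare equal.  Overlong UTF-8 (e.g. %c0%ae) is deliberately
    NOT handled here; it is exactly the kind of gap a formal evasion
    catalogue would enumerate."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def escapes_root(path: str) -> bool:
    """Resolve dot-segments lexically on the canonical form and report
    whether the path ever climbs above the web root.  Because matching
    happens after normalization, every spelling of '..' is seen."""
    depth = 0
    for seg in canonicalize(path).split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False


# Constructed request paths: a plain attack, four evasion spellings of the
# same attack, and two benign requests (one containing a harmless "..").
PAYLOADS = {
    "plain":          "/static/../../etc/passwd",
    "url-encoded":    "/static/%2e%2e/%2e%2e/etc/passwd",
    "double-encoded": "/static/%252e%252e/%252e%252e/etc/passwd",
    "encoded-slash":  "/static/..%2f..%2fetc/passwd",
    "mixed-dots":     "/static/.%2e/.%2e/etc/passwd",
    "benign":         "/static/css/site.css",
    "benign-dotdot":  "/static/img/../css/site.css",
}


def evaluate(path: str) -> tuple[bool, bool]:
    """Return (blocked_by_naive_filter, blocked_by_canonical_check)."""
    return naive_traversal_filter(path), escapes_root(path)


def run_all() -> dict[str, tuple[bool, bool]]:
    """Evaluate every constructed payload with both checks."""
    return {name: evaluate(p) for name, p in PAYLOADS.items()}


if __name__ == "__main__":
    for name, (naive, canon) in run_all().items():
        n = "BLOCK" if naive else "pass "
        c = "BLOCK" if canon else "pass"
        print(f"{name:15} naive={n}  canonical={c}")
```

Run as a script: the four encoded variants pass the signature filter and are caught by the canonical check, while the benign path containing `img/../css` is blocked by the signature (a false positive) and allowed by the canonical check. The same pattern, decode and normalize before matching, is what makes an evasion list for a given vector finite enough to formalize.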

Speakers

Shay Chen

CEO, Effective Security
Shay Chen is the CEO of Effective Security, an information-security boutique company specializing in information security assessments and in automating security processes of vulnerability management and SDLC. He has over twelve years in information technology and security, a strong...


Monday September 19, 2016 10:05 - 10:50 IDT
Main Auditorium
Track 1
  • Audience: Breakers
  • Language: Hebrew
  • Technical level: Intermediate / Advanced