Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Unveiling Web Cache Poisoning and Deception

BreachForce
February 03, 2024
Technology
0
11

Unveiling Web Cache Poisoning and Deception

Title: Understanding Web Cache Poisoning and Deception Attacks
Presenter: Saurabh Tiwari
Event: BreachForce CyberSecurity Cohort
Talk Date: 3rd February, 2024

Saurabh Tiwari's presentation explores the fundamentals of web cache poisoning and deception attacks, shedding light on these critical security threats. The slides feature demonstrations of essential pentesting tools for identifying and assessing vulnerabilities in web applications. This presentation provides valuable insights and practical techniques for strengthening your security measures along with demonstrations of pentesting tools for vulnerability assessment.

BreachForce

February 03, 2024
Tweet

More Decks by BreachForce

See All by BreachForce
Active Directory Security Workshop by Chirag Savla
breachforce
0
20
Art of Smuggling HTTP Requests
breachforce
0
3
COOL RECON TECHNIQUES EVERY HACKER MISSES
breachforce
0
9
Can Request Encryption Fix Your Web Apps?
breachforce
0
11
iOS App Pentesting Discover Exploit Secure
breachforce
0
3
Phone Systems and their security
breachforce
0
8
Cybersecurity for Satellites by Jaden Furtado
breachforce
0
5
Nmap in Depth by Nathaniel Fernandes
breachforce
0
3
Understanding SOC: The heartbeat of Cybersecurity and Network Infrastructure
breachforce
0
4

Other Decks in Technology

See All in Technology
CAMERA-Suite: 広告文生成のための評価スイート / ai-camera-suite
cyberagentdevelopers
PRO
3
250
Nix入門パラダイム編
asa1984
2
180
【若手エンジニア応援LT会】AWSで繋がり、共に成長! ~コミュニティ活動と新人教育への挑戦~
kazushi_ohata
0
150
君は隠しイベントを見つけれるか?
mujyun
0
170
Jr. Championsになって、強く連携しながらAWSをもっと使いたい!~AWSに対する期待と行動~
amixedcolor
0
160
マネジメント視点でのre:Invent参加 ~もしCEOがre:Inventに行ったら~
kojiasai
0
330
Emacs x Nostr
hakkadaikon
1
140
Commitment vs Harrisonism - Keynote for Scrum Niseko 2024
miholovesq
4
270
Databricksで構築する初めての複合AIシステム - ML15min
taka_aki
2
1.4k
サーバーサイドのデータプレーンプログラミング 〜 NVIDIA Blue Field / DOCA 〜
ebiken
PRO
1
240
一休.comレストランにおけるRustの活用
kymmt90
3
440
チームを主語にしてみる / Making "Team" the Subject
ar_tama
3
260

Featured

See All Featured
Fashionably flexible responsive web design (full day workshop)
malarkey
404
65k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
250
21k
Navigating Team Friction
lara
183
14k
KATA
mclloyd
29
13k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
27
1.9k
No one is an island. Learnings from fostering a developers community.
thoeni
19
3k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
A better future with KSS
kneath
238
17k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
32
1.8k
Become a Pro
speakerdeck
PRO
24
5k
It's Worth the Effort
3n
183
27k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
131
33k

Transcript

  1. z Web Cache Attacks Saurabh Tiwari

  2. z What is Web Cache? The purpose of the cache

    is to reduce the response time of the web server.
  3. None
  4. None
  5. None

  6. z What Are Cache Keys?  Whenever a cache receives

    a request for a resource, it has to check if it has the same copy to reply with or whether it has to forward to respective servers.  As this is quite tricky, few components of the HTTP request are used as an identity to do so, called the cache-keys.  If the cache key of an incoming request matches the key of a previous request, then the cache considers them to be equivalent.

  7. z What Are Unkeyed Headers?

  8. Impact of Web Cache Poisoning : DOS, XSS & More!

  9. None

  10. Countermeasures against Web Cache Poisoning Implementing effective countermeasures is crucial

    in defending your website against web cache poisoning attacks. • Cache key normalization: Normalizing cache keys can help prevent variations due to input formatting or case sensitivity. • Validate user input: Implementing strict input validation and sanitization techniques can prevent injection attacks that can lead to cache poisoning. These techniques include input filtering, parameter safelisting, and regular expression checks. • Cache-control headers: Cache-control headers help enforce caching behavior and mitigate risks. For example, using headers like “no-store” and “no-cache” can prevent the caching of sensitive data. • Use web application firewalls (WAF): Deploying a robust WAF can help detect and block cache poisoning attempts. WAFs analyze incoming requests and identify suspicious patterns that indicate cache poisoning. We can configure the WAF to alert or block these requests to provide an additional layer of defense against such attacks.
  11. None
  12. None
  13. None
  14. None
  15. None
  16. None
  17. None
  18. None
  19. None

  20. Conditions: 1. Web cache functionality is set for the web

    application to cache files by their extensions, disregarding any caching header. 2. When accessing a page like http://www.example.com/home.php/non-existent.css, the web server will return the content of "home.php" for that URL.
  21. None

  22. REFERENCES: 1. Web cache deception attack – original blog http://omergil.blogspot.co.il/2017/02/web-cache-deception-attack.html

    2. Web cache deception attack in PayPal home page https://www.youtube.com/watch?v=pLte7SomUB8 3. Understanding our cache and the web cache deception attack – Cloudflare blog https://blog.cloudflare.com/understanding-our-cache-and-the-web-cache-deception-attack/ 4. On web cache deception attacks – Akamai blog https://blogs.akamai.com/2017/03/on-web-cache-deception-attacks.html

  23. z About Me  Saurabh Tiwari  22  IT

    Security Analyst @ MobiTrail Org.  Pentester @ One of he World’s Largest E-Payment Services  Student  One of the Moderators of BreachForce Community

  24. THANKS | linkedin.com/in/saurabh-tiwari-5315801b5 @Zodiac_Minati