Unveiling Web Cache Poisoning and Deception

BreachForce
February 03, 2024

Title: Understanding Web Cache Poisoning and Deception Attacks
Presenter: Saurabh Tiwari
Event: BreachForce CyberSecurity Cohort
Talk Date: 3rd February, 2024

Saurabh Tiwari's presentation explores the fundamentals of web cache poisoning and deception attacks. The slides feature demonstrations of essential pentesting tools for identifying and assessing vulnerabilities in web applications, and the talk offers practical techniques for strengthening your security measures.

Transcript

  1. What is Web Cache? The purpose of the cache is to reduce the response time of the web server.
  2. What Are Cache Keys?
    • Whenever a cache receives a request for a resource, it has to check whether it has a stored copy to reply with or whether it has to forward the request to the respective server.
    • As this is quite tricky, a few components of the HTTP request are used as an identity to do so, called the cache keys.
    • If the cache key of an incoming request matches the key of a previous request, then the cache considers them to be equivalent.
  3. Countermeasures against Web Cache Poisoning
    Implementing effective countermeasures is crucial in defending your website against web cache poisoning attacks.
    • Cache key normalization: Normalizing cache keys can help prevent variations due to input formatting or case sensitivity.
    • Validate user input: Implementing strict input validation and sanitization techniques can prevent injection attacks that can lead to cache poisoning. These techniques include input filtering, parameter safelisting, and regular expression checks.
    • Cache-control headers: Cache-control headers help enforce caching behavior and mitigate risks. For example, using headers like “no-store” and “no-cache” can prevent the caching of sensitive data.
    • Use web application firewalls (WAF): Deploying a robust WAF can help detect and block cache poisoning attempts. WAFs analyze incoming requests and identify suspicious patterns that indicate cache poisoning. We can configure the WAF to alert or block these requests to provide an additional layer of defense against such attacks.
  4. Conditions:
    1. Web cache functionality is set for the web application to cache files by their extensions, disregarding any caching header.
    2. When accessing a page like http://www.example.com/home.php/non-existent.css, the web server will return the content of "home.php" for that URL.
  5. REFERENCES:
    1. Web cache deception attack – original blog: http://omergil.blogspot.co.il/2017/02/web-cache-deception-attack.html
    2. Web cache deception attack in PayPal home page: https://www.youtube.com/watch?v=pLte7SomUB8
    3. Understanding our cache and the web cache deception attack – Cloudflare blog: https://blog.cloudflare.com/understanding-our-cache-and-the-web-cache-deception-attack/
    4. On web cache deception attacks – Akamai blog: https://blogs.akamai.com/2017/03/on-web-cache-deception-attacks.html
  6. About Me
    • Saurabh Tiwari
    • 22
    • IT Security Analyst @ MobiTrail Org.
    • Pentester @ One of the World’s Largest E-Payment Services
    • Student
    • One of the Moderators of BreachForce Community
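
The two conditions on slide 4 and the cache-control countermeasure on slide 3 can be checked against each other in a small model. This is an added example, not code from the slides: the origin, the extension list and every function name are assumptions, and only the URL shape comes from slide 4.

```python
import posixpath

STATIC_EXT = {".css", ".js", ".png", ".jpg"}  # assumed "cache by extension" rule
EXPECTED_TYPE = {".css": "text/css", ".js": "javascript",
                 ".png": "image/png", ".jpg": "image/jpeg"}

def origin(path, session_user):
    """Constructed origin with condition 2: /home.php/<anything> serves home.php."""
    if path == "/home.php" or path.startswith("/home.php/"):
        headers = {"Content-Type": "text/html", "Cache-Control": "no-store, private"}
        return headers, f"account page of {session_user}"
    return {"Content-Type": "text/plain"}, "not found"  # status codes not modelled

def weak_should_cache(path, headers):
    """Condition 1: cache by file extension, disregarding any caching header."""
    return posixpath.splitext(path)[1].lower() in STATIC_EXT

def hardened_should_cache(path, headers):
    """Honour Cache-Control and require Content-Type to match the extension."""
    ext = posixpath.splitext(path)[1].lower()
    directives = {d.strip().lower()
                  for d in headers.get("Cache-Control", "").split(",")}
    # Simplification: no-cache is treated as "do not store" to stay conservative.
    if directives & {"no-store", "no-cache", "private"}:
        return False
    return ext in STATIC_EXT and EXPECTED_TYPE[ext] in headers.get("Content-Type", "")

def fetch(cache, policy, path, session_user):
    """Reply from cache when the key (here: the path only) matches, else ask origin."""
    if path in cache:
        return cache[path]
    headers, body = origin(path, session_user)
    if policy(path, headers):
        cache[path] = body
    return body

def leaks(policy):
    """True if a second visitor receives the first visitor's personalised page."""
    cache = {}
    url = "/home.php/non-existent.css"  # URL shape from slide 4
    fetch(cache, policy, url, "alice")  # request made inside a logged-in session
    return fetch(cache, policy, url, "anonymous") == "account page of alice"

if __name__ == "__main__":
    print("extension-only policy leaks:", leaks(weak_should_cache))
    print("hardened policy leaks:", leaks(hardened_should_cache))
```

The hardened policy still stores genuine static assets, so the fix does not disable caching; it only refuses responses whose headers or content type contradict the extension in the URL.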