
Saurabh Tiwari
September 24, 2024

Web Cache Poisoning and Web Cache Deception Attack

This presentation delves into web cache poisoning and deception attacks, highlighting the core vulnerabilities, such as cache key mismatches and unkeyed headers, which can lead to Denial of Service (DoS) and Cross-Site Scripting (XSS). It also covers the necessary countermeasures, including cache key normalization, input validation, and the use of cache-control headers to protect against these attacks. The talk is aimed at educating developers and security professionals on the importance of securing web caches to prevent exploitation.


Transcript

  1. What is Web Cache? The purpose of the cache is to reduce the response time of the web server.
  2. What Are Cache Keys? Whenever a cache receives a request for a resource, it has to check whether it already holds a copy to reply with or whether it has to forward the request to the respective server. As this is quite tricky, a few components of the HTTP request are used as the request's identity; these are called the cache key. If the cache key of an incoming request matches the key of a previous request, the cache considers the two requests equivalent.
  3. Countermeasures against Web Cache Poisoning. Implementing effective countermeasures is crucial in defending your website against web cache poisoning attacks.

    • Cache key normalization: Normalizing cache keys can help prevent variations due to input formatting or case sensitivity.
    • Validate user input: Implementing strict input validation and sanitization techniques can prevent injection attacks that can lead to cache poisoning. These techniques include input filtering, parameter safelisting, and regular expression checks.
    • Cache-control headers: Cache-control headers help enforce caching behavior and mitigate risks. For example, using headers like “no-store” and “no-cache” can prevent the caching of sensitive data.
    • Use web application firewalls (WAF): Deploying a robust WAF can help detect and block cache poisoning attempts. WAFs analyze incoming requests and identify suspicious patterns that indicate cache poisoning. We can configure the WAF to alert or block these requests to provide an additional layer of defense against such attacks.
  4. Conditions:

    1. Web cache functionality is set for the web application to cache files by their extensions, disregarding any caching header.
    2. When accessing a page like http://www.example.com/home.php/non-existent.css, the web server will return the content of "home.php" for that URL.
  5. REFERENCES:

    1. Web cache deception attack – original blog: http://omergil.blogspot.co.il/2017/02/web-cache-deception-attack.html
    2. Web cache deception attack in PayPal home page: https://www.youtube.com/watch?v=pLte7SomUB8
    3. Understanding our cache and the web cache deception attack – Cloudflare blog: https://blog.cloudflare.com/understanding-our-cache-and-the-web-cache-deception-attack/
    4. On web cache deception attacks – Akamai blog: https://blogs.akamai.com/2017/03/on-web-cache-deception-attacks.html
  6. About Me: Saurabh Tiwari, 22. IT Security Analyst @ MobiTrail Org. Pentester @ One of the World’s Largest E-Payment Services Student One of the Moderators of BreachForce Community
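
The two conditions in item 4, as an added example that is not from the original slides: a cache rule that decides only by file extension, beside a stricter rule that honors Cache-Control and requires the response Content-Type to match the extension. The extension-to-type table, function names and sample responses are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit
import posixpath

# Assumed table: extensions the cache treats as static, and the
# content types a genuine file of that kind would be served with.
STATIC_TYPES = {
    ".css": {"text/css"},
    ".js": {"application/javascript", "text/javascript"},
    ".png": {"image/png"},
    ".jpg": {"image/jpeg"},
}

def _extension(url):
    """Extension of the last path segment, lower-cased."""
    return posixpath.splitext(urlsplit(url).path)[1].lower()

def weak_should_cache(url, headers):
    """Condition 1: cache by extension, disregarding any caching header."""
    return _extension(url) in STATIC_TYPES

def hardened_should_cache(url, headers):
    """Cache only when the origin permits it and the body really is static."""
    h = {k.lower(): v for k, v in headers.items()}
    directives = {d.strip().split("=")[0].lower()
                  for d in h.get("cache-control", "").split(",")}
    if directives & {"no-store", "no-cache", "private"}:
        return False  # the origin asked for this response not to be shared
    expected = STATIC_TYPES.get(_extension(url))
    if expected is None:
        return False  # not a static extension at all
    content_type = h.get("content-type", "").split(";")[0].strip().lower()
    # Condition 2 yields home.php's HTML under a .css URL: type mismatch.
    return content_type in expected

# Constructed sample responses (not captured traffic).
DECEPTIVE = ("http://www.example.com/home.php/non-existent.css",
             {"Content-Type": "text/html; charset=utf-8",
              "Cache-Control": "no-store"})
REAL_CSS = ("http://www.example.com/static/site.css",
            {"Content-Type": "text/css",
             "Cache-Control": "public, max-age=3600"})

if __name__ == "__main__":
    for url, headers in (DECEPTIVE, REAL_CSS):
        print(url, "weak:", weak_should_cache(url, headers),
              "hardened:", hardened_should_cache(url, headers))
```
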