Preventing Authentication Bypass: A Tale of Two Researchers

Presented at Black Hat USA 2019, Aug. 8, 2019, 2:30 p.m. (50 minutes)

“I discovered a critical security issue that lets an attacker compromise any other user’s account without any user interaction.”

Join Terry Zhang, Ron Chan, and a Microsoft Engineer for the coordinated public disclosure of a critical elevation of privilege vulnerability. This is the story of a research collision by two security researchers and the emergency response investigation that was launched as a result of their vulnerability reports. Attendees will learn the techniques used by researchers to identify the vulnerability, how companies can effectively partner with researchers throughout the disclosure process to protect customers, and what application developers can do to more securely code web applications to avoid similar flaws.

Presenters:

  • Ravi Jaiswal - Principal Software Engineering Manager, Microsoft
  • Ron Chan - Researcher, HackerOne
    Ron Chan is a researcher at HackerOne.
  • Terry Zhang - Co-Founder, Tophant
    Terry Zhang is the Co-Founder of Tophant.
