Attacking Secondary Contexts in Web Applications

Presented at Kernelcon 2020 Virtual, March 28, 2020, 12:30 p.m. (60 minutes)

This talk explores attacking various 'secondary contexts' in web applications, where data is passed to an underlying internal HTTP server. We will explore the different approaches to targeting limited-access/internal APIs, the very strange interactions between different servers within the stack, and lastly the different types of vulnerabilities present in second-stage HTTP services.


Presenters:

  • Sam Curry
    Sam Curry is a full-time bug bounty hunter and security consultant through 17security, LLC. He has been active in the security community since 2015 and runs a blog dedicated to advancing web application security research at samcurry.net.
