Application security and penetration testing expert, Deteact
About speaker
Omar ‘Beched’ Ganiev is an experienced application
security and penetration testing expert. He spoke at several
conferences (PHDays, ZeroNights, OWASP, etc.), won a lot of CTF
competitions (as a member of LC↯BC and RDot.Org teams and
individually as ‘Beched’). Received BSc and MSc in mathematics.
Now running the company Deteact and teaching computer security to university
students.
A typical web service today is not just a single network machine
with a couple of scripts, it’s rather a whole
infrastructure with a bunch of backends and internal communication
protocols.
Lots of web attacks are related to the multi-layered architecture and
they exploit inconsistent data processing between the layers.
We’ll overview approaches to the multi-layered application security
assessment, typical attacks and exploitation techniques.
Keywords: backend fingerprinting, path normalization, backslash powered scanner,
HPP, reverse proxy, SSRF, ...
