Omar Ganiev

Application security and penetration testing expert, Deteact

About speaker

Omar ‘Beched’ Ganiev is an experienced application security and penetration testing expert. He spoke at several conferences (PHDays, ZeroNights, OWASP, etc.), won a lot of CTF competitions (as a member of LC↯BC and RDot.Org teams and individually as ‘Beched’). Received BSc and MSc in mathematics.
Now running the company Deteact and teaching computer security to university students.

November 15

18:00 — 19:00

Attacking the multi-layered web applications

WEB.ZONE

Russian

A typical web service today is not just a single network machine with a couple of scripts, it’s rather a whole infrastructure with a bunch of backends and internal communication protocols.
Lots of web attacks are related to the multi-layered architecture and they exploit inconsistent data processing between the layers.
We’ll overview approaches to the multi-layered application security assessment, typical attacks and exploitation techniques. Keywords: backend fingerprinting, path normalization, backslash powered scanner, HPP, reverse proxy, SSRF, ...