March 13-15, 2019
Montreal, Canada

Cache me if you can

Web applications are getting more complex. A lot of effort has gone into web frameworks.
On the other hand, the infrastructure used is rarely scrutinized by developers for potential vulnerabilities.
This talk will show you how the use of a cache server can introduce serious vulnerabilities into your web applications. It will cover Web Cache Deception, ESI injection and cache poisoning. These attacks have all emerged in the past two years.


Philippe Arteau

ServiceNow

Philippe is a security engineer for ServiceNow. He has an interest in software development, penetration testing and security code review. He maintains Find Security Bugs, the static analysis tool.
He has discovered significant vulnerabilities in several popular applications, including Google Chrome, Dropbox, Runkeeper, Jira and more. He has presented at various conferences, including Black Hat Arsenal, SecTor, AppSec USA, ATLSecCon, 44CON and JavaOne.
