What’s Wrong with WebSocket APIs - Unveiling Vulnerabilities in WebSocket APIs - Mikhail Egorov

⏲ Duration: 22 min 85 sec
✓ Published: 27-Feb-2020
Description:
WebSocket protocol is many times more efficient than HTTP. In recent years we can observe that developers tend to implement functionality in the form of WebSocket APIs instead of traditional REST APIs that use HTTP. Modern technologies and frameworks simplify the building of efficient WebSocket APIs. We can name GraphQL subscriptions or WebSocket APIs supported in Amazon API Gateway.

WebSockets APIs have a different security model compared to REST APIs, resulting in unique attack vectors. Neve


Related Videos

Web application insecurities often undermine IT infrastructure and with the ever-increasing complexity and reliance on web applications, understanding these vulnerabilities is an important step to securing the IT environment.

We'll continue to explore more common vulnerabilities found in today's web applications, take a look at exploitation examples, case-studies and how to resolve these issues. In this talk we'll touch on some of the following topics:

* Session Hijacking
* Cross-Site
⏲ 30 min 39 sec ✓ 30-Oct-2010
It's only a security penetration test for the Cyber-Warrior team. There is no vulnerability.

I'm a Cyber-Warrior member and I am testing captcha security.
⏲ 1 min 17 sec ✓ 09-Dec-2012
Since cookies store sensitive data (session ID, CSRF token, etc.) they are interesting from an attacker's point of view. As it turns out, quite many web applications (including sensitive ones like bitcoin platforms) have cookie related vulnerabilities, that lead, for example, to user impersonation, remote cookie tampering, XSS and more.

At DeepSec 2015 Dawid Czagan (Silesia Security Lab) explained what to do when tackling cookies in modern browsers.
⏲ 25 min 33 sec ✓ 02-Feb-2016
Computerphile
⏲ 8 minutes 34 seconds 👁 757.4K
This is a demo of a PoC I wrote exploiting a bug in Coinbase.com's OAuth implementation. It was possible to retrieve the OAuth app authorization form as one user and forward it (along with the CSRF tokens, etc.) to the victim, with JavaScript to autosubmit the form. Coinbase was not confirming the form was generated by the victim and so it was possible for an attacker to authorize their malicious app on the user's account without their confirmation. All the victim was required to do was view a web
⏲ 94 sec ✓ 06-May-2013
Have you ever been afraid to make massive rewrites of your code to improve readability? Have you ever been nervous when changing servers, versions, etc.? Automated regression testing is your saving angel!

What do you do when:

...there are extremely high quality requirements and regression errors are out of the question?

...you have to change an application with almost no test coverage?

...tests only cover the part of the program that has changed, but not other functionality?

We have developed a fr
⏲ 33 min 5 sec ✓ 10-Sep-2014
The focus of many application security programs has long been the OWASP Top 10 or SANS Top 25 vulnerabilities. While there are many SAST solutions that can identify these technical vulnerabilities such as SQLi, CSRF or XEE, SAST is not effective in identifying vulnerabilities that require context such as conditions leading to business logic, data leakage or hard-coded secrets.

While pattern-matching techniques can be used to identify the symptoms of an injection vulnerability across any code-bas
⏲ 32 min 81 sec ✓ 29-Apr-2020
Web Apps Security Series Part 4 - CSRF
⏲ 6 min 83 sec ✓ 03-Mar-2013
