Wednesday, October 18 • 12:15 - 13:45
CtF Workshop #2 - Exploiting Authentication Issues For 25,000$


Authentication mechanisms are considered the most sensitive part of any application, and yet they seem to be among the most prone to implementation errors. In this session, the security researcher will discuss how he broke the authentication mechanisms of some of the biggest applications in the world (Uber, Yahoo, Twitter, etc.). He will present advanced practical ways of exploiting SSO mechanisms such as SAML and OAuth, as well as user invitations and password reset mechanisms.

In the second part of this session we will examine how CSP (Content Security Policy) helped fix one of the vulnerabilities, and we will elaborate on the various security-related HTTP headers described by the Internet Engineering Task Force (IETF).

A security researcher from GE Digital will discuss what each one of these headers does to help augment web application security and under what circumstances they could be bypassed by a clever adversary. 

Attendees can perform the attacks they have learned on a pre-configured environment during the workshop.


Workshoppers

Michael Reizelman

Security Researcher, GE Digital


Wednesday October 18, 2017 12:15 - 13:45 IDT
Room 37 - CS and Communications Building
  Workshop