Security Vulnerabilities: The Next Wave (InformationWeek)

July 2017

Major Websites Vulnerable to Their Own Back-End Servers

DoD, other websites found with back-end server flaws and misconfigurations that could give attackers an entryway to internal networks, researcher will demonstrate at Black Hat USA.

By Kelly Jackson Higgins

A UK researcher hacked his way through the public websites of the US Department of Defense and several major commercial organizations via some not-so-visible weaknesses and vulnerabilities that netted him a grand total of $30,000 in bug bounty rewards.

James Kettle, head of research at PortSwigger Web Security, used homegrown hacking tools to find holes in certain public websites and to then drop payloads of malformed Web requests and phony headers on those sites in order to work his way into the back-end servers — and in some cases, gain access to the internal network of the organization.

Back-end servers are the oft-forgotten

Sidebar: Everything Security. Black Hat, the world's leading information security event series, provides attendees with the very latest in research, development, and trends. Black Hat USA will return to Las Vegas for its 20th year with Trainings taking place July 22-25, 2017, followed by Briefings, Arsenal, Business Hall, and more July 26-27, 2017. Register with code DRbh17 to save $200 off your Briefings pass.

Source: InformationWeek, Security Vulnerabilities: The Next Wave