The Top 5 Sessions You Shouldn’t Miss at Black Hat 2024
2023 was a challenging year for AppSec professionals, with a distinct increase in high-profile attacks targeting applications, including Ivanti Gateway, GoAnywhere, MOVEit and Microsoft SharePoint. The ever-vulnerable application layer remains one of the industry’s most pressing pain points, and at Miggo we’re determined to resolve it with our Application Detection and Response (ADR) solution. At this year’s Black Hat, we’re excited to discuss these and other AppSec challenges with our fellow security practitioners, as well as dive deeper into the vulnerability, exploitation and attack surface gaps in the following sessions.
1. Break the Wall from Bottom: Automated Discovery of Protocol-Level Evasion Vulnerabilities in Web Application Firewalls
Speakers: Qi Wang, Jianjun Chen, Run Guo, Chao Zhang, Haixin Duan
Date: Thursday, August 8 | 2:30pm-3:00pm
Web Application Firewalls (WAFs) give us a sense of comfort, but attackers constantly find new ways to bypass them. Without appropriate oversight or management, blind spots and security gaps leave us unknowingly vulnerable to application-based attacks. Understanding these vulnerabilities through this insightful session will illuminate a persisting pain point, and help security practitioners discover, detect and mitigate such threats effectively.
2. Splitting the Email Atom: Exploiting Parsers to Bypass Access Controls
Speaker: Gareth Heyes, Researcher, PortSwigger
Date: Wednesday, August 7 | 1:30pm-2:10pm
Malicious actors have rightfully zeroed in on the application risk surface as a lucrative target. This session will help us understand the fascinating strategies attackers employ to exploit email parsers and bypass access controls. Learning these techniques is crucial for reinforcing our authentication and security protocols.
3. Project Zero: Ten Years of ‘Make 0-Day Hard’
Speaker: Natalie Silvanovich, Team Lead and Security Engineer, Google
Date: Wednesday, August 7 | 11:20am-12:00pm
Since its inception in 2014, ‘Project Zero’ has consistently been a lighthouse for security research. This session will provide valuable insights into these extraordinary researchers, their formidable achievements and their reflections on the changing vulnerability and 0-day threat landscape.
4. Gotta Cache Em All: Bending the Rules of Web Cache Exploitation
Speaker: Martin Doyhenard, Security Researcher, PortSwigger
Date: Thursday, August 8 | 10:20am-11:00am
Even we AppSec experts never cease to be surprised by the number of new ways attackers find to breach applications. This session will explore new and advanced techniques that exploit URL parsing inconsistencies.
5. Listen to the Whispers: Web Timing Attacks that Actually Work
Speaker: James Kettle, Director of Research, PortSwigger
Date: Wednesday, August 7 | 10:20am-11:00am
Web timing attacks often seem theoretical, but seeing them in action is truly exciting. In this session, the speaker will underline the need to stay ahead of stealth techniques that uncover masked misconfigurations and hidden routes, providing real-world case studies and a suite of battle-tested open-source tools for exploitation and attack-scripting.
As AppSec professionals ourselves, we find that these sessions hold immense value for security practitioners who strive to understand the latest vulnerabilities and exploitation techniques. Dive deep with these professionals and gain the knowledge and tools that will help you stay ahead of the curve and effectively secure your applications. Register for Black Hat today and join Miggo as we strive to revolutionize the AppSec landscape!
About Miggo
Miggo is the first Application Detection and Response platform, providing the visibility, response and understanding you need to prevent application breaches. Using in-application context to shed light on your biggest attack surface, Miggo’s ADR enables businesses to monitor how applications behave at runtime and stop attackers from manipulating chains of trust between distributed services. With Miggo, you can monitor application weak spots and identify and mitigate attacks in real time. Visit miggo.io for more information about our ADR revolution!