February 24-26, 2021
Online, Timezone GMT-5

HTTP Request Smuggling 101

Load balancers such as HAProxy, Varnish, Squid and Nginx play a crucial role in the performance of high-availability websites. All of those have different HTTP protocol parser implemented. What might be indicating the termination of one request for your load balancer might not be the end for your web server. In this presentation, see how an attacker can abuse vulnerable configurations or load balancer specific versions.

View all 130 sessions

Philippe Arteau

ServiceNow

Philippe is a security engineer at ServiceNow. He has an interest in software development, penetration testing and security code review. He also maintains Find Security Bugs, the open-source Java static analysis tool.
He discovered significant vulnerabilities in several popular applications like Google Chrome, DropBox, Runkeeper, Jira and more. He has presented at various conferences including Black Hat Arsenal, SecTor, AppSec USA, ATLSecCon, 44CON and JavaOne.

Read More

Online 2021 sponsored by