Abstract: HTTP Request Smuggling is an attack capable of bypassing security protections and "poisoning the well" for caching web proxies. In this talk we'll be discussing attack scenarios and their security implications.
Speaker: Gabriel has been actively involved in the security industry since 2007 and currently holds the position of security analyst at Rapid7.
Abstract: HTTP Response Splitting is a web application vulnerability that is often misunderstood, but can lead to a serious compromise. This talk will walk through the basics of Response Splitting, how an attack works, and what you can do to defend against it.
Speaker: Ben Columbus is a security analyst for Rapid7, who specializes in network and web application penetration testing. He has been working in security for the last eight years in various positions and was previously a penetration tester for the State of Texas.
Abstract: The talk will provide information about headers used for Cross-Origin Resource Sharing (CORS) and how servers use these headers to communicate access policy to browsers. The possible security implications of misconfigured CORS headers will be discussed.
Speaker: Jacob enjoys learning about security vulnerabilities and their usage in the real world.