
2018 BASC Presentations

From OWASP
Revision as of 02:27, 2 October 2018 by Laberdale (talk | contribs) (Starting to add Presentation Descriptions)



Platinum Sponsors

HackerOne Black Duck Software Optiv Veracode


Gold Sponsors

Checkmarx Dell Qualys nVisium GoSecure

 

Silver Sponsor

TWM

Please help us keep BASC free by viewing and visiting all of our sponsors.



We would like to thank our speakers for donating their time and effort to help make this conference successful.


MSeVader: Outsmarting the WAF

Presented by: Brent Dukes

ModSecurity Evader (MSeVader) is a tool that assists offensive security testers in crafting payloads that evade ModSecurity WAF rules. It is a Burp Suite extension that provides real-time visual feedback on rule violations, so the attacker can tweak payloads before submitting them to the web server, ensuring they are not blocked. The demonstration of the tool will include techniques for fingerprinting the WAF to determine the specific threshold settings of its rules, allowing the attacker to know whether a payload will be blocked without sending packets. This tool has been used to successfully discover WAF-evading payloads that execute SQL injection and XSS and inject web shells into a site behind a popular commercial cloud-based WAF solution at maximum paranoia settings.



You can find out more about this conference at the 2018 BASC Homepage
or by emailing [email protected]