The Web Cache Deception attack vector was first published in this blog on February 2017. Since then, I presented it on Black Hat USA 2017 and BSides Tel-Aviv 2017.
Now, I'm proud to release a white paper explaining all about this attack, including:
- Attack methodology
- Known web frameworks and caching mechanisms that meet the attack conditions
In addition, you can find the presentation used in the Black Hat USA 2017 conference.
Huge thanks to all those who assisted along the way:
Sagi Cohen, Bill Ben Haim, Sophie Lewin, Or Kliger, Gil Biton, Yakir Mordehay, Hagar Livne
Would love to receive your feedback here and on Twitter (@omer_gil).