Wednesday, July 26, 2017

Web Cache Deception Attack: White Paper

The Web Cache Deception attack vector was first published in this blog on February 2017. Since then, I presented it on Black Hat USA 2017 and BSides Tel-Aviv 2017.

Now, I'm proud to release a white paper explaining all about this attack, including:
- Attack methodology
- Implications
- Conditions
- Known web frameworks and caching mechanisms that meet the attack conditions
- Mitigations

In addition, you can find the presentation used in the Black Hat USA 2017 conference.

Huge thanks to all those who assisted along the way:
Sagi Cohen, Bill Ben Haim, Sophie Lewin, Or Kliger, Gil Biton, Yakir Mordehay, Hagar Livne

Would love to receive your feedback here and on Twitter (@omer_gil).



  1. This site is helping for every person and easily get money through the bitcoin ATM card. Please visit this site for bitcoin atm card ranking. you can change any money into another currency in anywhere in the world

  2. The Escorts in Karachi are very talented, as not only they are completely beautiful but also know how they can be best as your partners.
    Karachi Call Girls
    She is a perfect busty escorts Karachi girl who can switch on your smile ... parts of Karachi for in-call as well as out-call, such as defence etc.

  3. There is no better idea of keeping your mobile loaded with balance all the time. If you are also looking for any useful way to utilize your top up phone with bitcoin then hurry up and avail our service as much as can. There is no limit of it. Make your mobile life happier with balance recharge through NETELL.NET. COME SOON .THANK YOU .