Wednesday, July 26, 2017

Web Cache Deception Attack: White Paper

The Web Cache Deception attack vector was first published in this blog on February 2017. Since then, I presented it on Black Hat USA 2017 and BSides Tel-Aviv 2017.

Now, I'm proud to release a white paper explaining all about this attack, including:
- Attack methodology
- Implications
- Conditions
- Known web frameworks and caching mechanisms that meet the attack conditions
- Mitigations

In addition, you can find the presentation used in the Black Hat USA 2017 conference.

Huge thanks to all those who assisted along the way:
Sagi Cohen, Bill Ben Haim, Sophie Lewin, Or Kliger, Gil Biton, Yakir Mordehay, Hagar Livne

Would love to receive your feedback here and on Twitter (@omer_gil).