Hackers fail to crack Chrome OS

March 8, 2013 fdesir 1

An interesting article from the YAHOO News tech section: Google (GOOG) offered hackers a chance at a big pay day if they could crack its Chrome OS platform. The company held its annual Pwnium competition at […]

Black Hat // Webcast 28 – HTTP Parameter Pollution Vulnerabilities in Web Applications

May 17, 2011 SecurityOrb_Staff 0

While input validation vulnerabilities such as XSS and SQL injection have been intensively studied, a new class of injection vulnerabilities called HTTP Parameter Pollution (HPP) has not received as much attention. HPP attacks consist of injecting encoded query string delimiters into other existing parameters. If a web application does not properly sanitize the user input, a malicious user can compromise the logic of the application to perform either client-side or server-side attacks. This talk analyzes HTTP Parameter Pollution and presents the first automated system for the detection of HPP flaws in real web applications. We used this system to conduct a large-scale experiment by testing more than 5,000 popular websites and discovering unknown HPP bugs in many important and well-known sites such as Microsoft, Google, VMware and PayPal. In this presentation we will describe the details of the architecture and of the algorithms we implemented to efficiently detect HPP vulnerabilities. We will conclude by discussing the HPP phenomenon and giving suggestions on how to prevent this novel class of injection vulnerabilities in future web applications. […]