Original Post: Try it for yourself: the latest PortSwigger Research from Black Hat USA
At Black Hat USA, PortSwigger Research unveiled three significant studies that focus on emerging threats in web application security and how to mitigate them using Burp Suite tools.
- Web Timing Attacks: James Kettle presented methods to make web timing attacks practical, including identifying hidden attack surfaces and server-side vulnerabilities. These techniques are available in the Param Miner extension for Burp Suite.
- Email Parsing Exploits: Gareth Heyes highlighted vulnerabilities in email address parsing that can allow attackers to bypass access controls. New payload wordlists for Burp Suite help detect these flaws.
- Web Cache Exploitation: Martin Doyhenard discussed web cache deception and poisoning vulnerabilities that arise from URL parsing discrepancies between caches and origin servers. Burp Scanner now includes tests for these web cache deception vulnerabilities.
The article encourages practitioners to experiment with these techniques in the Web Security Academy labs and share their experiences on social media. Additionally, PortSwigger’s Discord community is recommended for keeping up with the latest research developments.