Hunting Logic Attacks - SANS@Mic South by Southeast Asia

  • Webcast Aired Wednesday, 04 Nov 2020 9:30AM EST (04 Nov 2020 14:30 UTC)
  • Speaker: Hassan El Hadary

One of the most challenging problems to developers these days is to develop secure applications. Development platforms have provided several techniques to protect from common attacks such as Cross-Site Scripting, SQL injection, and others. However, logic attacks are still the hardest to stop because it is tricky and hard to discover. Logic attacks could allow an attacker to gain access to sensitive data and get control of unauthorized systems. In the era of IoT and complex applications, logic attacks will have higher impact. 'In this talk, we will present several logic attack stories that allow attackers to break developer defenses. 'All stories are inspired from findings discovered in real-life professional experience and bug bounty programs. Finally, we will discuss the future of such attacks and its application on IoT systems.