Introduction to enterprise vulnerability assessment; finding Struts

  • Webcast Aired Tuesday, 12 Jun 2018 10:30AM EST (12 Jun 2018 14:30 UTC)
  • Speaker: Adrien de Beaupre

This is an introduction to SANS SEC460, Enterprise Threat and Vulnerability Assessment, focusing on web application testing. It's a story about how a vulnerability in a framework could lead to web application compromise. We will discuss how a remote code execution vulnerability led to the Equifax data breach. If there is an exploitable condition in a component that your application relies on, you could be in trouble. A properly performed security assessment can help you identify these issues and describe the risk associated with them. The Struts 2 framework implemented poor input validation in an API call, which meant that any and all applications based on that framework were vulnerable. A live demo of identifying the vulnerability will be performed during the session.


Adrien de Beaupre is the co-author of the brand new course, SEC460, Enterprise Threat and Vulnerability Assessment.