
This webcast has been archived.

Java on the server? What could possibly go wrong?

  • Friday, December 08, 2017 at 3:00 PM EST (2017-12-08 20:00:00 UTC)
  • Adrien de Beaupre, Jason Blanchard


Overview

A story about how a vulnerability in a framework or library could lead to web application compromise. We will discuss how a vulnerability in a Java library can lead to compromising Jenkins, and how a remote code execution vulnerability led to the Equifax data breach. If there is an exploitable condition in a component that your application relies on, you could be in trouble. A properly performed security assessment can help you identify these issues and describe the risk associated with them. An underlying flaw in Java known as unsafe Java deserialization was one issue. The other was poor input validation in how the Struts framework implemented an API call, which meant that any and all applications based on that framework were vulnerable. A live demo of each exploit will be performed during the webcast. There are other examples of such issues; we describe and exploit many of them in the SANS course SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques.

Speaker Bios

Adrien de Beaupre

Adrien de Beaupre is a certified SANS instructor and works as an independent consultant in beautiful Ottawa, Ontario. His work experience includes technical instruction, vulnerability assessment, penetration testing, intrusion detection, incident response, and forensic analysis. He is a member of the SANS Internet Storm Center (isc.sans.edu). Adrien is actively involved with the information security community, and organizes the #BSidesOttawa conference. When not geeking out and breaking stuff he can be found with his family, or at the dojo.


Jason Blanchard

Jason Blanchard is the SANS Pen Test Curriculum Marketing Manager.
