OnDemand + GIAC = Relevant Skills, Proven Ability

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

Modern Web Application Penetration Testing Part 2, Hash Length Extension Attacks

  • Thursday, February 20th, 2020 at 3:30 PM EST (20:30:00 UTC)
  • Adrien de Beaupre
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!

Overview

We will discuss the meaning and go into the technical details of this vulnerability along with its exploitation. Message Authentication Code (MAC) is a popular way of validating if something has changed. There are a number of ways as well as hashing algorithms to do so. TL;DR use a HMAC with SHA3. Live demo! With code! Exploitable applications!

Speaker Bio

Adrien de Beaupre

Adrien de Beaupre is a Principal SANS instructor and works as an independent consultant in beautiful Ottawa, Ontario. His work experience includes course development, technical instruction, vulnerability assessment, and penetration testing. He is a member of the SANS Internet Storm Center (isc.sans.edu) and is actively involved with the information security community.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.