Modern Web Application Penetration Testing Part 2, Hash Length Extension Attacks

  • Webcast Aired Thursday, 20 Feb 2020 3:30PM EST (20 Feb 2020 20:30 UTC)
  • Speaker: Adrien de Beaupre

We will discuss what a hash length extension vulnerability is and go into its technical details, along with its exploitation. A Message Authentication Code (MAC) is a popular way of validating whether something has changed. There are a number of ways to do so, as well as a number of hashing algorithms. TL;DR: use an HMAC with SHA3. Live demo! With code! Exploitable applications!