Modern Web Application Penetration Testing Part 2, Hash Length Extension Attacks

We will discuss what this vulnerability means and go into its technical details along with its exploitation. A Message Authentication Code (MAC) is a popular way of validating whether something has changed. There are a number of ways to build one, as well as a number of hashing algorithms to build it with. TL;DR: use an HMAC with SHA3. Live demo! With code! Exploitable applications!
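The TL;DR above as an added example (not code from the talk): a secret-prefix SHA-256 tag, the construction that hash length extension applies to, next to an HMAC over SHA3-256 with a constant-time check. The key, the message and the function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo values (not from the page); in practice the key comes from a secret store.
KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
MSG = b"user=alice&role=viewer"


def secret_prefix_tag(key: bytes, msg: bytes) -> str:
    """Weak form, for contrast only: SHA-256(key || msg).

    SHA-256 is a Merkle-Damgard hash, so this construction is the one that
    hash length extension applies to. Do not use it as a MAC.
    """
    return hashlib.sha256(key + msg).hexdigest()


def hmac_sha3_tag(key: bytes, msg: bytes) -> str:
    """Recommended form: HMAC keyed with `key`, using SHA3-256 as the hash."""
    return hmac.new(key, msg, hashlib.sha3_256).hexdigest()


def verify(key: bytes, msg: bytes, tag_hex: str) -> bool:
    """Recompute the tag and compare in constant time; malformed tags fail closed."""
    try:
        presented = bytes.fromhex(tag_hex)
    except (ValueError, TypeError):
        return False
    expected = hmac.new(key, msg, hashlib.sha3_256).digest()
    return hmac.compare_digest(expected, presented)


if __name__ == "__main__":
    tag = hmac_sha3_tag(KEY, MSG)
    print("tag:", tag)
    print("original accepted:", verify(KEY, MSG, tag))
    print("modified accepted:", verify(KEY, MSG + b"&role=admin", tag))
```

The verifier only ever accepts the HMAC tag, so a tag produced by the secret-prefix function is rejected like any other wrong value.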