

This webcast has been archived.

Modern Web Application Penetration Testing Part 2, Hash Length Extension Attacks

  • Thursday, February 20, 2020 at 3:30 PM EST (2020-02-20 20:30:00 UTC)
  • Adrien de Beaupre




We will discuss what this vulnerability means and go into its technical details and its exploitation. A Message Authentication Code (MAC) is a popular way of validating whether something has changed. There are a number of ways to build one, and a number of hashing algorithms to build it with. TL;DR: use an HMAC with SHA3. Live demo! With code! Exploitable applications!

Speaker Bio

Adrien de Beaupre

Adrien de Beaupre is a Principal SANS instructor and works as an independent consultant in beautiful Ottawa, Ontario. His work experience includes course development, technical instruction, vulnerability assessment, and penetration testing. He is a member of the SANS Internet Storm Center and is actively involved with the information security community.
