COMMSEC: Vulnerable Patterns in Modern Web Environments

This talk will be live streamed on the HITBSecConf YouTube channel.

As the world turns and we're suddenly in the '20s, the landscape for Web applications continues to turn as well. Monolithic Web apps are being replaced by microservice-driven environments of interconnected applications, which bring their own types of pitfalls and vulnerabilities.

In the first part of the discussion, we'll compare well-known attack vectors between monolithic applications and microservice-based architectures in order to understand the differences from both an attacker's and a defender's perspective.

In the second half of the discussion, we will talk through some surprising vulnerabilities which are not bound to single components but span more than one app or service. A few vulnerabilities will be showcased in order to highlight the general issue patterns underneath. The corresponding exploit techniques will be demonstrated and generalized such that they can be applied to other environments as well. From the exploitation techniques, we'll deduce countermeasures and protection mechanisms against the demonstrated attacks.

The presentation should give both offensive and defensive sides of the audience fresh input regarding attacks within microservice architectures.

Location: Track 4 / CommSec
Date: April 23, 2020
Time: 10:30 am - 11:30 am
Joern Schneeweisz