Description: Blackhat 2012 Europe - They Ought to Know Better: Exploiting Security Gateways via Their Web Interfaces
After a thorough examination of a number of common Security Gateway products over the past few months I have determined that Security Gateway Web User Interfaces are often vulnerable to security flaws, which could enable an attacker to gain control of the UI, bypass controls within the application, and in many cases control the underlying operating system.
Based on this research I have reported over 30 vulnerabilities, complete with proof-of-concept exploits to the vendors of these products.
This presentation will discuss vulnerabilities common across these products, weaknesses in product design, and some interesting attack vectors where external attackers can exploit Security Gateways via the UI, even where the attacker has no direct access to the UI. https://media.blackhat.com/bh-eu-12/Williams/bh-eu-12-Williams-Exploiting_Gateways-WP.pdf https://media.blackhat.com/bh-eu-12/Williams/bh-eu-12-Williams-Exploiting_Gateways-Slides.pdf
Tags: securitytube , conference , hacking , hackers , information security , convention , computer security , blackhat12 , blackhat-2012 ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.