středa 23. května 2012

They Ought to Know Better: Exploiting Security Gateways via Their Web Interfaces


After a thorough examination of a number of common Security Gateway products over the past few months I have determined that Security Gateway Web User Interfaces are often vulnerable to security flaws, which could enable an attacker to gain control of the UI, bypass controls within the application, and in many cases control the underlying operating system.
Based on this research I have reported over 30 vulnerabilities, complete with proof-of-concept exploits to the vendors of these products.
This presentation will discuss vulnerabilities common across these products, weaknesses in product design, and some interesting attack vectors where external attackers can exploit Security Gateways via the UI, even where the attacker has no direct access to the UI.
  

Žádné komentáře:

Okomentovat