Nullcon Berlin 2023 | Server Side Prototype Pollution: Blackbox Detection Without The DoS by Gareth

Abstract:
--------------
Detecting server side prototype pollution legitimately is quite difficult because it involves changing the state of Object prototypes on the server and that can almost certainly cause DoS. I've created multiple techniques that allow you to detect SSPP without bringing the server to its knees and without needing the source code.

I'll talk about how you can detect server side prototype pollution and the pros and cons of each technique, and show you how to detect the type of JavaScript engine being used on some sites, all blackbox, with specially crafted requests. Finally, I'll share an open source Burp extension that will help you detect SSPP using Burp Suite, wrap up with defensive measures you can take and takeaways, and leave 5 minutes for questions.

#Keynote #NullconBerlin2023 #Infosec #DoSattack #Conference
----------------------------------------------------------------------------------------
Website: https://nullcon.net
