Thursday 20 March 2014

Updated presentation of 'RESTing On Your Laurels will Get YOu Pwned' (RSA version)

At the last RSA conference, Abe and Alvaro presented an updated version of the RESTing On Your Laurels will Get YOu Pwned presentation (originally delivered by me and Abe at DefCon 2013).

Here is the description
Public REST APIs have become mainstream. Now, almost every company that wants to expose services or an application programming interface does it using a publicly exposed REST API. This talk will give participants the skills they need to identify and understand REST vulnerabilities. The findings are a result of reviewing production REST applications as well as researching popular REST frameworks.   
By Abraham Kang, Alvaro Muñoz and Dinis Cruz
In addition to the original demos we did, Alvaro added a nice Metasploit PoC which really should drive home the problem with XStream and XMLDecoder.

References:


Presentation:


You can see the presentation at SlideShare (and embedded below):