OWASP Cincy August Meeting - Server Side Request Forgery, presented by CBTS

[Lee Epling]

In the heat of summer is a great time to learn a little about server side request forgery! Join us for a discussion on SSRF, presented by CBTS! 

Space is limited, so reserve your spot now! - https://www.eventbrite.com/e/owasp-cincy-august-meeting-server-side-request-forgery-presented-by-cbts-tickets-68287260033

Meeting time - August 28th, 11:30 AM - 1:00 PM

Presentation Abstract:

Server-Side Request Forgery is a type of an attack where a bad actor can modify parameters (e.g. URL’s, metadata, etc) to either create or gain control over requests from a vulnerable machine. While not confirmed, SSRF is suspected to have played a role in the recent Capital One breach and the compromise of credentials used to gain access to the AWS S3 bucket containing Capital One’s data.

CBTS will be deep-diving into the details and techniques surrounding SSRF. We’ll walk away from this talk with a better understanding of the inner workings of the attack and will be better armed to help our organizations prevent against the threat.

Speaker Bio:

Nate Fair is currently an information security consultant for CBTS Security Services Team. Our team performs security services for 5-man shops and Fortune 5's. Services performed include network and wireless penetration testing, vulnerability assessments, security architecture and program reviews, web application testing, and physical security assessments. 

Nate also teaches penetration testing at the University of Cincinnati and is part of the team behind BSides Cincinnati, helping create it's CTF competition. 

Location:

Paycor HQ

4811 Montgomery Road

Norwood, Ohio 45212