Skip to main content

UK Cyber Week 2024

Sample Image


Complexity of Automated Web App Scanning

17 Apr 2024
Culture & Strategy
2. I've heard of ransomware

Due to their large and complex attack surface and the difficulty in ensuring they are secure, web applications continue to be a prime target in attacks. All it takes is a flaw in the application itself, its framework, the web server or proxy server configuration, or even some third-party component (e.g. a JavaScript library that is embedded on each web
page) to lead to a full compromise of a host or network.

In this session, we will talk both generally about the trends in web application security and look at specific examples of how key vulnerabilities arise (e.g. discussing how, without adequate sanitisation, tainted user input can reach dangerous functions within some layer of the system), paying particular attention to those more subtle cases that
usually go under the radar.

We will build up a solid understanding, working from the most basic ideas to more intricate scenarios, sparing no detail whilst remaining accessible to non-technical audiences.

Key Takeaways:

  • Gain an appreciation of the attack surface complexity of modern web applications.
  • An insight into how vulnerabilities manifest, whatever their particular form, and their detection through means of inference and signatures.
  • An insight into more subtle detection, such as side-channel and out-of-band detection.
Nick Blundell, Head of Research & Development - Appcheck

 Technical Rating