DeepSec 2013 Video: The Boomerang Effect – Using Session Puzzling To Attack Apps From The Backend
Attacking fortified positions head-on looks good on the silver screen. Real-life attackers have no sense of drama and special effects. Battering closed doors will get you nowhere fast. Instead, modern adversaries take a good look at open doors and exploit them to get what they want. Security specialists know about the dangers of management interfaces (also known as backends). Protecting them is one main focus of denying unauthorised access. Once a backend is exposed, the consequences can be fatal to your digital assets.
At the DeepSec 2013 conference, Shay Chen (Hacktics ASC, Ernst & Young) explained what attacks originating from backends look like and what attackers can do once they have gained a foothold.