Overview
Explore a comprehensive analysis of the BREACH attack and its ongoing threat to web application security in this 46-minute Black Hat conference talk. Delve into the attack methodology, defense strategies, and the innovative CTX architecture designed to eliminate BREACH vulnerabilities. Learn about cross-compression examples, alignment issues, and permutations as presented by experts Aggelos Kiayias, Dimitris Karakostas, Dionysis Zindros, and Eva Sarafianou. Gain insights into the origins of the attack, secret management, and practical solutions for implementing context hiding. Discover key takeaways on improving web application security against compression-based attacks and explore open-source libraries and encodings that can help mitigate these risks.
Syllabus
Introduction
CRIME
Roger
Attack Methodology
Attack Diagram
Defense
Origin
Secrets
Cross Compression Example
Cross Compression Solutions
Alignment
Example
Permutations
Comparison
Origins
Response Size
Response Size Diagram
CTX Architecture
How does it work
Open Source
Libraries
Encodings
Key takeaways
Questions
Taught by
Black Hat