This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Wednesday, July 28 • 3:15pm - 4:00pm
BlindElephant: WebApp Fingerprinting and Vulnerability Inferencing

Sign up or log in to save this to your schedule and see who's attending!

Standard known web applications such as blogging, forum and e-commerce software make up over half of the active web applications on the Internet. Vulnerabilities in these applications (and their plugins) are discovered at an accelerated rate and abused for site defacement and increasingly to serve malware.

Website administrators need to keep track of the versions of these web applications installed and update them to a non-vulnerable release. Remote web application fingerprinting is a technique to identify the version of a known web application through only its publicly available files and to use the data to report on vulnerabilities of the application.


The presentation will detail the steps in this fingerprinting process, including full automation from database seeding to remote probing. It will then illustrate use of the detection technique on a number of well known websites to show what applications and plugins are installed and what vulnerabilities are resident on these sites. The presentation will discuss how our techniques are able to produce order of magnitude improvements over existing implementations.


In conjunction with this talk, I will also release a free community tool implementing the described techniques with more examples.

Wednesday July 28, 2010 3:15pm - 4:00pm
Day 1 - Malware +Fingerprinting

Attendees (23)