SECURITY TALK: « Security implications of web caching: common vulnerabilities and their impact »

Matteo Golinelli, PhD student in cybersecurity at the University of Trento, Italy - Digital Security

Date: -
Location: Eurecom

Abstract: Web caches, proxies and load balancers are fundamental components of the modern web infrastructure. They enable websites with millions of visitors to meet the performance requirements expected by users. Yet, if not carefully considered, the introduction of these technologies in an already complex system can create new vulnerabilities, especially when different organizations manage these components. In this talk, we will cover possible security implications for websites of the introduction of web caches or Content Delivery Networks and the vulnerabilities that can arise, such as Web Cache Deception, cache poisoning, and the leakage of personal information and security tokens. Finally, we will introduce a novel methodology to detect hidden caches that uses a new type of timing attack.

Short bio: Matteo Golinelli is a PhD student in cybersecurity at the University of Trento, Italy. He is mainly interested in web security, with a special focus on web caches and interactions between different HTTP components.