NorthSec 2021

Philippe Arteau

Philippe is a security researcher working for GoSecure. His research is focused on Web application security. His past work experience includes pentesting, secure code review and software development. He is the author of the widely used Java static analysis tool OWASP Find Security Bugs (FSB). He is also a contributor to the static analysis tool for .NET called Security Code Scan. He built many plugins for Burp and ZAP proxy tools: Retire.js, Reissue Request Scripter, CSP Auditor and many others. Philippe has presented at several conferences including Black Hat Arsenal, SecTor, AppSec USA, ATLSecCon, NorthSec, and 44CON.

GitHub account (full URL)

https://github.com/h3xstream

LinkedIn profile (full URL)

https://www.linkedin.com/in/philippearteau/

Twitter account (full URL)

https://twitter.com/h3xstream

Website (full URL)

https://blog.h3xstream.com/

What is your company/affiliation(s)?

GoSecure

What is your title?

Security Researcher


Sessions

05-21
12:50
30min
Request Smuggling 101
Philippe Arteau

This presentation provides an overview of the latest research on HTTP Request Smuggling (HRS), an attack that abuses inconsistencies in how HTTP request parsers interpret where a request ends. The attack occurs when, for the same stream, the proxy component sees one request while the web backend component sees two distinct requests.

The most common risks will be presented, along with a set of payload variations and a live attack demonstration.

Cloud
Main stream
05-21
14:00
30min
Cloud security
Philippe Arteau, Renzon Cruz, Magno Logan, Evelyn Lam, Max Habra

Q&A and discussion for the cloud security block, hosted and moderated by Max Habra. Questions will be gathered from the audience during the three prior talks.

Cloud
Main stream