Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Java Authentication and Authorization Service (JAAS) - A Novel Attack Surface

Black Hat via YouTube

Start learning Write review
Udacity Ad

Master AI & Data—50% Off Udacity (Code CC50)

Learn More → Corporate Finance Institute Ad

Master Finance Tools - 35% Off CFI (Code CFI35)

Learn More →

Overview

Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
This Black Hat conference talk explores the security vulnerabilities within Java Authentication and Authorization Service (JAAS), a widely-used Java framework for authentication and authorization. Discover how security researchers from Alibaba Cloud uncovered a novel attack surface they've termed "JAAS Attack," which extends beyond the 2023 JNDI injection vulnerability found in Kafka. Learn about their comprehensive analysis of popular Java libraries that revealed numerous vulnerabilities affecting major vendors including Amazon, Cloudera, IBM, and Microsoft. The presentation details how these vulnerabilities can be exploited in real-world scenarios to achieve Remote Command Execution (RCE), demonstrates why Kafka's fix solution remains insecure, and provides security design principles for safely integrating JAAS into Java libraries. Gain valuable insights to broaden your security research perspective and develop skills to identify new attack surfaces in Java applications.

Syllabus

A Novel Attack Surface: Java Authentication and Authorization Service (JAAS)

Taught by

Black Hat

Reviews

Start your review of Java Authentication and Authorization Service (JAAS) - A Novel Attack Surface

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.