Google, IBM & Meta Certificates — All 10,000+ Courses at 40% Off
One annual plan covers every course and certificate on Coursera. 40% off for a limited time.
Get Full Access
Explore practical web timing attacks in this 43-minute conference talk from DEF CON 32 that reveals how to exploit timing oracles hidden within websites. Discover novel attack concepts for extracting server secrets, including masked misconfigurations, blind data-structure injection, and hidden routes to restricted areas. Learn how recent advances have made these attacks both accurate and efficient, enabling reliable detection of sub-millisecond differentials in just ten seconds without special configurations. Gain hands-on experience with battle-tested open-source tools for both automated exploitation and custom attack scripting, and participate in a CTF challenge to practice these new skills. Master a refined methodology for transforming theoretical attack concepts into practical exploits, developed through extensive testing across thousands of websites. Understand how to harness this powerful and often overlooked side-channel for effective security testing.
