Overview
Explore how Unicode normalization vulnerabilities can be weaponized to bypass security controls in this 34-minute Black Hat conference talk. Discover how data transformation processes such as Unicode normalization, encoding, and translation create attack vectors that let threat actors evade Web Application Firewalls (WAFs), input filters, and backend logic. Learn about critical security flaws, including visual confusables, best-fit mappings, truncation overflows, case mappings, and entity decodings, that enable Remote Code Execution (RCE), Cross-Site Scripting (XSS), Server-Side Template Injection (SSTI), Open Redirects, and HTTP Response Splitting attacks. Examine real-world attack data from Akamai's research team through live exploitation demonstrations, and gain insights into high-impact vulnerabilities such as CVE-2024-4577 (PHP-CGI Argument Injection). Master cutting-edge Unicode fuzzing techniques and discover practical security tools, including Shazzer, recollapse, and enhanced Burp ActiveScan++ capabilities, for detecting Unicode-based vulnerabilities. Develop a comprehensive understanding of Unicode security pitfalls and acquire hands-on methodologies for identifying and mitigating these sophisticated attack vectors in modern web applications.
Syllabus
Lost in Translation: Exploiting Unicode Normalization
Taught by
Black Hat