HTTP Response Splitting, or CRLF injection, is an attack technique that enables a range of further attacks such as web cache poisoning, cross-user defacement, hijacking pages that carry sensitive user information and our favorite, cross-site scripting (XSS). The technique, and the attacks derived from it, are relevant to most web environments. It is the result of the application's failure to reject illegal user input, in this case input containing carriage-return and line-feed characters (CR, 0x0D, and LF, 0x0A) that is copied into an HTTP response header. Because CRLF is what delimits headers on the wire, an attacker who controls those characters can end the current header, add headers of their own, or terminate the header block entirely and append a second, fully attacker-controlled response.
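How the split actually happens on the wire, as an added illustration that is not part of the talk or the original abstract: a minimal redirect endpoint reflects a URL-decoded value into the Location header, once by plain concatenation (vulnerable) and once behind a header-value check (hardened), and a small parser reads the resulting bytes the way a simple proxy or cache would. The endpoint, the `INJECTED_LOCATION` payload and all function names are constructed for this example.

```python
"""Added example: HTTP response splitting via a reflected header value.
Not from the talk or its author; all names and sample input are constructed."""
import re
from urllib.parse import unquote

CRLF = "\r\n"

# Constructed attacker input for a redirect parameter. Once URL-decoded it
# contains CR/LF, closes the first response's header block, and supplies a
# complete second response whose body is a script.
INJECTED_LOCATION = (
    "/welcome%0d%0aContent-Length:%200%0d%0a%0d%0a"
    "HTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0a"
    "Content-Length:%2039%0d%0a%0d%0a"
    "<script>alert(document.domain)</script>"
)

# Printable ASCII and HTAB only: no CR, LF or other control characters.
_HEADER_VALUE_OK = re.compile(r"^[\x20-\x7e\t]*$")


def _render_redirect(location: str) -> bytes:
    """Build a 302 by string concatenation. Any CR/LF inside `location`
    becomes protocol structure rather than data."""
    return (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + location + CRLF
        + "Content-Length: 0" + CRLF + CRLF
    ).encode("latin-1")


def build_redirect_vulnerable(raw_param: str) -> bytes:
    """Vulnerable: decodes the parameter and reflects it unchecked."""
    return _render_redirect(unquote(raw_param))


def build_redirect_hardened(raw_param: str) -> bytes:
    """Hardened: the same rendering, but the decoded value must match the
    allowed header-value character set or the request is rejected."""
    decoded = unquote(raw_param)
    if not _HEADER_VALUE_OK.fullmatch(decoded):
        raise ValueError("illegal character in header value")
    return _render_redirect(decoded)


def hardened_rejects(raw_param: str) -> bool:
    """True if the hardened builder refuses the value."""
    try:
        build_redirect_hardened(raw_param)
    except ValueError:
        return True
    return False


def parse_responses(raw: bytes) -> list[dict]:
    """Parse a byte stream like a naive proxy/cache: status line, header
    block, then exactly Content-Length body bytes, repeated until the data
    runs out or the next status line is not an HTTP response."""
    text = raw.decode("latin-1")
    responses, pos = [], 0
    while pos < len(text):
        end = text.find(CRLF + CRLF, pos)
        if end == -1:
            break
        lines = text[pos:end].split(CRLF)
        if not lines[0].startswith("HTTP/"):
            break  # leftover bytes that do not start a response
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get("content-length", "0"))
        body_start = end + 4
        responses.append({
            "status": lines[0],
            "headers": headers,
            "body": text[body_start:body_start + length],
        })
        pos = body_start + length
    return responses


if __name__ == "__main__":
    for resp in parse_responses(build_redirect_vulnerable(INJECTED_LOCATION)):
        print(resp["status"], resp["headers"], repr(resp["body"]))
    print("hardened rejects payload:", hardened_rejects(INJECTED_LOCATION))
```

Run against the payload, the vulnerable builder yields two parsable responses: the 302 the application intended, followed by a 200 with a text/html body containing the script. A cache sitting in front of the server that pairs the second response with the next queued request is the cache-poisoning case the abstract mentions; a browser that receives it directly is the XSS case. The hardened builder refuses the value before anything is written. The check is deliberately an allow-list of printable characters rather than a search for "\r\n", so single CR or LF and other control characters are rejected as well.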

The talk will cover the concept of the attack and will take you through some use cases.



Sharath Unni is a security professional with 5 years of experience in information security; his core areas are penetration testing and vulnerability assessment. He is an active member of the null/OWASP community and has presented on various security topics. His main interests are breaking into networks and web applications, participating in bug bounty programs and CTF events. He also contributed to the Web Application Scanners benchmark project using WAVSEP by SectoolMarket.


Starts on Saturday, September 20, 2014 at 12:00 PM. The session runs for about 1 hour.