Who Is Your Parser And What Does He Do: URL Parsing Gone Wrong


Understanding URLs is hard, parsing them is even harder. When we compared different URL parsers, we found that the results varied from one parser to another. That sparked our curiosity and led us to compare URL parsers across different platforms and programming languages. In our presentation, we will discuss numerous exploitation techniques that use URL parsing inconsistencies, as well as some vulnerabilities we’ve discovered in popular open-source projects used by many applications.

Browse SnykCon 2021 talks


Noam Moshe
Security Researcher, Claroty