Backslash Powered Scanning: Hunting Unknown Vulnerability Classes

Existing web scanners search for server-side injection vulnerabilities by throwing a canned list of technology-specific payloads at a target and looking for signatures - almost like an anti-virus. In this presentation, I'll share the conception and development of an alternative approach, capable of finding and confirming both known and unknown classes of injection vulnerabilities. by James Kettle Full Abstract: https://www.blackhat.com/eu-16/briefings/schedule/#backslash-powered-scanning-hunting-unknown-vulnerability-classes-4695