March 20, 2025
Abstract:
For the past decade, web proxy attacks have been wreaking havoc on the security landscape. They’ve slithered past firewalls, evaded detection, and frustrated both proxy vendors and website owners. Yet, the web security community has been strangely silent on how to solve them. Why? Are we secretly enjoying the chaos they create, watching as attackers dance circles around $$$ security products? In this slightly horrifying talk, I’ll explain how a CDN architect reasons about these problems, with a breakneck survey of the scholarly research (not) happening on the topic. We’ll explore the dark corners of proxied web attacks, why they’ve been allowed to thrive unchecked, and why we’re bound to be stuck in a vicious cycle of “patch and pray” for a bit longer.
Bio:
Kaan is a Principal Architect of cybersecurity at Akamai, and part-time faculty at Northeastern University’s Khoury College of Computer Sciences. Kaan’s recent research focuses on discovering and eliminating systems-centric vulnerabilities in proxied web architectures and content delivery networks.