Web shells: a dirty little secret of application security

Web shells are malicious web applications attackers place on vulnerable application servers to control them remotely. They’ve existed since the early days of web applications but gained significant attention when they were a substantial component of last year’s Equifax breach. As exterior perimeters have become better and better defended against non-web attacks, web servers have increasingly become the gateway into internal networks, and web shells are a powerful tool for doing so.

This talk will cover the basics of what web shells are, how they operate, and some typical examples. It also includes ways to detect them at the server and network layers, common problems doing so, and ways to solve those problems.

Speaker: Joe Schottman