Cache Poisoning at Scale

“I would say a good way to secure CDNs from cache poisoning attacks would be disabling caching for error status codes, a mitigation which should stop a large part of CP-DoS attacks,” Ladunca said.

The researcher also recommended using PortSwigger’s Param Miner, an open-source tool that can identify hidden, unlinked parameters. Running Param Miner against web applications can help detect unkeyed headers that can be used for web cache poisoning.
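As an added illustration, not code from the article or from Ladunca’s research, the following Python model of an edge cache keyed on the URL alone contrasts the weak policy of caching error responses with the mitigation quoted above, where 4xx/5xx responses are never stored. The origin’s header-size limit and the `X-Oversized` header name are constructed for the example.

```python
# Added example (not from the article): a toy edge cache whose key is the URL
# only, so request headers are "unkeyed". An origin error triggered by one
# visitor's malformed request is served to everyone if errors are cacheable
# (CP-DoS); refusing to cache error status codes contains it to that visitor.
from dataclasses import dataclass, field


@dataclass
class Response:
    status: int
    body: str


def origin(path: str, headers: dict) -> Response:
    # Constructed origin: like many real servers it rejects requests carrying
    # an oversized header value, otherwise it serves the page.
    if any(len(v) > 64 for v in headers.values()):
        return Response(400, "Bad Request")
    return Response(200, f"content of {path}")


@dataclass
class EdgeCache:
    cache_errors: bool                      # True = weak setting, False = mitigated
    store: dict = field(default_factory=dict)

    def get(self, path: str, headers: dict) -> Response:
        # Cache key is the path alone; headers do not participate in the key.
        if path in self.store:
            return self.store[path]
        resp = origin(path, headers)
        if resp.status < 400 or self.cache_errors:
            self.store[path] = resp          # errors stored only under the weak policy
        return resp


def simulate(cache_errors: bool) -> list[int]:
    """Status codes seen by one request with an oversized (unkeyed) header,
    followed by two ordinary visitors requesting the same URL."""
    cache = EdgeCache(cache_errors=cache_errors)
    seen = [cache.get("/index.html", {"X-Oversized": "A" * 500}).status]  # constructed
    seen.append(cache.get("/index.html", {}).status)
    seen.append(cache.get("/index.html", {}).status)
    return seen


if __name__ == "__main__":
    print("errors cached:    ", simulate(True))   # every later visitor gets the 400
    print("errors not cached:", simulate(False))  # only the malformed request sees it
```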

