Pentesting MCP Servers: Live Demo & Attacks, (OWASP Bay Area Talk) скачать в хорошем качестве
Pentesting MCP Servers: Live Demo & Attacks, (OWASP Bay Area Talk)
3 месяца назад
Не удается загрузить Youtube-плеер. Проверьте блокировку Youtube в вашей сети.
Повторяем попытку...
Повторяем попытку...
Скачать видео с ютуб по ссылке или смотреть без блокировок на сайте: Pentesting MCP Servers: Live Demo & Attacks, (OWASP Bay Area Talk) в качестве 4k
У нас вы можете посмотреть бесплатно Pentesting MCP Servers: Live Demo & Attacks, (OWASP Bay Area Talk) или скачать в максимальном доступном качестве, видео которое было загружено на ютуб. Для загрузки выберите вариант из формы ниже:
-
Информация по загрузке:
Скачать mp3 с ютуба отдельным файлом. Бесплатный рингтон Pentesting MCP Servers: Live Demo & Attacks, (OWASP Bay Area Talk) в формате MP3:
Если кнопки скачивания не
загрузились
НАЖМИТЕ ЗДЕСЬ или обновите страницу
Если возникают проблемы со скачиванием видео, пожалуйста напишите в поддержку по адресу внизу
страницы.
Спасибо за использование сервиса ClipSaver.ru
Pentesting MCP Servers: Live Demo & Attacks, (OWASP Bay Area Talk)
In this #owasp BayArea talk, @RiyazWalikar (Co-Founder, @Appsecco & @kloudle breaks down how to pentest #mcp servers with real demos, live exploitation, and a practical 10-point checklist (downloadable PDF). If you're building AI agents, MCP servers, or integrating Claude, Cursor, or Windsurf into production systems, this talk shows why MCP is the newest and fastest-growing attack surface in AI security. 🔍 What this talk covers • How Claude Desktop and AI clients decide when to call tools • Differences between tool calls and MCP calls • Why local MCP servers leak secrets, PII, API keys, and env variables • Typosquatting and homograph attacks on MCP server packages • Code execution via malicious formatters and unsafe evals • Remote MCP server risks: OAuth redirects, boundary bypasses, SSRF, IMDS abuse • How agent-to-agent communication amplifies indirect prompt injection risks • Rugpull attacks on MCP servers (time-of-check/time-of-use issues) • Real demos of: • secrets and keys embedded in MCP packages • malicious tool-call manipulation • indirect prompt injection • reading process.env through unsafe formatters • name-squatting of MCP servers 🛡️ 10-Point MCP Pentesting Checklist The video includes a complete checklist for anyone assessing MCP servers or AI agents. Download the PDF here: GitHub (latest updates): https://github.com/appsecco/pentestin... 🧪 Tools Mentioned in the Talk • Appsecco MCP Proxy Client – Intercept STDIO + HTTP traffic from MCP servers • BurpSuite Integration – Inspect backend API calls from agents • Claude Desktop + Cursor Examples – Understanding tool-call boundaries 👨🏫 About the Speaker Riyaz Walikar Chief Hacker & Co-Founder, Appsecco and Kloudle 16+ years in offensive security Specializing in AI red teaming, MCP security, agent testing, and SaaS pentesting 🔗 Follow Appsecco Website: https://appsecco.com YouTube: / @appsecco LinkedIn: / appsecco
Comments
