Back from a short trip to SEaCURE.it, the first international security conference ever held in Italy. Together with Stefano@Minded, I gave a presentation on HTTP Parameter Pollution (HPP).
Cutting the crap, we have added a few slides regarding possible detection techniques, information leakage in Python via HPP vectors, PayPal NVP API abuse and a theoretical bypass of anti tampering HMAC.
Our interview, recorded during OWASP AppSec EU 2009, is finally online. Check the "OWASP Podcast 46, interview with Luca Carettoni & Stefano Di Paola (HTTP Parameter Pollution)"