THE NEW PAGE OF INJECTIONS BOOK: MEMCACHED INJECTIONS

Memcached is a distributed memory caching system. It is in great demand in big-data Internet projects because it can noticeably speed up web applications by caching data in RAM. Cached data often includes user sessions and other operational information.

This talk is based on research into memcached wrappers for popular web application development platforms, such as Go, Ruby, Java, Python, PHP, Lua, and .NET. The primary goal is to identify input validation issues in key-value data that could be used to inject arbitrary commands into the memcached protocol.

As a result, the speaker found a way to perform something like SQL injection attacks, but against the memcached service. In practice, such an attack leads to effects ranging from authentication bypass to execution of arbitrary interpreter code. It is a real-world problem found during security audits, and it exists in various popular web applications.
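The input validation issue described above comes down to how a wrapper frames text-protocol commands. The following is an added example, not code from the talk or from any wrapper it covers: an unvalidated command builder next to a hardened one that rejects unsafe key bytes and derives the declared value length from the bytes actually sent. All function names are hypothetical and the sample keys are constructed.

```python
import re

MAX_KEY_BYTES = 250  # key length limit in the memcached text protocol

# Control characters, space and DEL end or split a text-protocol command line.
_UNSAFE = re.compile(rb"[\x00-\x20\x7f]")


class InvalidKey(ValueError):
    """Raised when a key cannot be placed on a command line safely."""


def naive_get(key: str) -> bytes:
    """'Before' form: the key is copied onto the wire with no validation."""
    return b"get " + key.encode("utf-8") + b"\r\n"


def validate_key(key: str) -> bytes:
    """Return the encoded key, or raise InvalidKey if it could alter framing."""
    raw = key.encode("utf-8")
    if not raw:
        raise InvalidKey("empty key")
    if len(raw) > MAX_KEY_BYTES:
        raise InvalidKey(f"key is {len(raw)} bytes, limit is {MAX_KEY_BYTES}")
    m = _UNSAFE.search(raw)
    if m:
        raise InvalidKey(f"byte 0x{m.group()[0]:02x} at offset {m.start()}")
    return raw


def safe_get(key: str) -> bytes:
    """Hardened form: only a validated key reaches the command line."""
    return b"get " + validate_key(key) + b"\r\n"


def safe_set(key: str, value: str, flags: int = 0, exptime: int = 0) -> bytes:
    """Declare the data length from the encoded bytes, not the character count."""
    data = value.encode("utf-8")
    header = b"set %s %d %d %d\r\n" % (validate_key(key), flags, exptime, len(data))
    return header + data + b"\r\n"


def command_lines(wire: bytes) -> list:
    """Split bytes on CRLF, the delimiter between text-protocol commands."""
    return [line for line in wire.split(b"\r\n") if line]
```

Calling `command_lines(naive_get(k))` on keys taken from application logs is a quick audit check: any result longer than one line means the wrapper lets a key change the command stream.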
