Monday, November 18 • 9:00am - 5:00pm
2 Day Pre-Conference Training: The Art of Exploiting Injection Flaws


PROMOTION: All attendees of my class will receive FREE 1 month access to on-line labs after the class allowing them more time to practice the concepts taught in the class.

2 Day Class running Monday Nov 18 and Tuesday Nov 19

Overview

OWASP rates injection flaws as the most critical vulnerability in its Top 10 Most Critical Web Application Security Risks, published under the OWASP Top 10 project: http://www.owasp.org/index.php/Top_10_2010-A1
(Even the 2013 Release Candidate for the Top 10 has retained injection as the top flaw.)
This hands-on session focuses only on injection flaws, and attendees will get an in-depth understanding of the flaws arising from this vulnerability. The topics covered in the class are:
SQL Injection
XPATH Injection
LDAP Injection
Hibernate Query Language Injection
Direct OS Code Injection
XML Entity Injection
During the 2-day course, attendees will have access to a number of challenges for each flaw and will learn a variety of exploitation techniques used by attackers in the wild. Identify, extract, escalate, execute: we have got it all covered. The following are the objectives of the course:
Understand the problem of injection flaws
Learn a variety of advanced exploitation techniques which hackers use
Learn how to fix these problems

WHAT STUDENTS WILL BE PROVIDED
Student hand-outs
Tools/scripts (some public and some not so public)

WHO SHOULD ATTEND
Web Application Developers
Web Application Security Consultants
Penetration Testers
Anyone who wants to take their skills to the next level

WHAT TO EXPECT
Shells popping
Advanced data exfiltration techniques.
Advanced exploitation (some neat, new and ridiculous hacks).
Some insane examples of code which appears secure but is not.

WHAT STUDENTS SHOULD BRING
Students must bring their own laptop with a Windows operating system installed (either natively or running in a VM). Students must also have administrative access to perform tasks such as installing software, disabling antivirus, etc. Devices without an Ethernet connection (e.g. MacBook Air, tablets, etc.) are not supported. Prior knowledge of database systems and the SQL language is an added advantage but not a strict requirement.


Speakers
Sumit Siddharth

Director, NotSoSecure Ltd.
Sumit “sid” Siddharth is the founder of NotSoSecure Ltd, a specialist IT security firm delivering high-end IT security consultancy and training. Prior to NotSoSecure, he worked as Head of Penetration Testing for a leading IT security company in the UK. He has more than 8 years of experience in penetration testing. Sid has authored a number of whitepapers and tools. He has been a speaker/trainer at many security conferences including numerous...


Monday November 18, 2013 9:00am - 5:00pm
Brecht (4th Floor) NY Marriott Marquis
