The Art of Exploiting Injection Flaws@Black hat Vegas 2013

Hello All,

The popular course on Injection Flaws will return to Las Vegas at Black hat 2013. The 2 days hands on course covers Injection flaws and ONLY injection flaws. We dont talk about XSS, CSRF, CRLF etc etc. I think, 2 days is not enough time to learn the entire web application security and thus I only focus on Injection Flaws.

I will be appearing on the famous podcast pauldotcom and giving a little insight on the course on April 25th 7PM ET.

A little write-up about this can be found here:

In short, the USP of course are:

Advanced/Insane SQLI
Examples where SQLI gets un-detected by commercial tools
Advanced XPATH Injection (including 2.0)
Advanced LDAP Injection
Advanced HQLI/ORM Injection
Advanced XXE Injection, including blind XXE

The course page can be found here

See you in Vegas!


Update: here is the video from my podcast at pauldotcom:



Video streaming by Ustream

Update: My interview at Dark reading which also gives an insight into the course can be found here

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Post Navigation