The Art of Exploiting Injection Flaws@Black hat Vegas 2013

<< Back to blog

Hello All,

The popular course on Injection Flaws will return to Las Vegas at Black hat 2013. The 2 days hands on course covers Injection flaws and ONLY injection flaws. We dont talk about XSS, CSRF, CRLF etc etc. I think, 2 days is not enough time to learn the entire web application security and thus I only focus on Injection Flaws.

I will be appearing on the famous podcast pauldotcom and giving a little insight on the course on April 25th 7PM ET.

A little write-up about this can be found here:

In short, the USP of course are:

Advanced/Insane SQLI
Examples where SQLI gets un-detected by commercial tools
Advanced XPATH Injection (including 2.0)
Advanced LDAP Injection
Advanced HQLI/ORM Injection
Advanced XXE Injection, including blind XXE

The course page can be found here

See you in Vegas!

Update: here is the video from my podcast at pauldotcom:

Video streaming by Ustream

Update: My interview at Dark reading which also gives an insight into the course can be found here

Leave a Reply

Your email address will not be published. Required fields are marked *