The Art of Exploiting Injection Flaws@Black hat Vegas 2013
The popular course on Injection Flaws will return to Las Vegas at Black hat 2013. The 2 days hands on course covers Injection flaws and ONLY injection flaws. We dont talk about XSS, CSRF, CRLF etc etc. I think, 2 days is not enough time to learn the entire web application security and thus I only focus on Injection Flaws.
I will be appearing on the famous podcast pauldotcom and giving a little insight on the course on April 25th 7PM ET.
A little write-up about this can be found here:
In short, the USP of course are:
Examples where SQLI gets un-detected by commercial tools
Advanced XPATH Injection (including 2.0)
Advanced LDAP Injection
Advanced HQLI/ORM Injection
Advanced XXE Injection, including blind XXE
The course page can be found here
See you in Vegas!
Update: here is the video from my podcast at pauldotcom:
Update: My interview at Dark reading which also gives an insight into the course can be found here