This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP AppSec DC 2012/Training/The Art of exploiting Injection Flaws

From OWASP
Jump to: navigation, search

AppSecDC-468x60-banner-2012.jpg

Registration Now OPEN! | Hotel | Schedule | Convention Center | AppSecDC.org

Description

Course Length: 2 Day

OWASP rates injection flaws as the most critical vulnerability within the Top 10 most Critical Web Application Security Risks under the OWASP Top 10 project. http://www.owasp.org/index.php/Top_10_2010-A1



This hands-on session will only focus on the injection flaws and the attendees will get an "in-depth" understanding of the flaws arising from this vulnerability. The topics covered in the class are:



SQL Injection
XPATH Injection
LDAP Injection
Hibernate Query Language Injection
Direct OS Code Injection
XML Entity Injection
The workshop covers classical issues such as SQL Injection, which is an oldie yet very relevant in today's scenario as well as some lesser known injection flaws such as LDAP, XPATH and XML Injection.

During the 2 days course, the attendees will have access to a number of challenges for each flaw and they will learn a variety of exploitation techniques used by the attackers in the wild. Identify, extract, escalate, execute; we have got it all covered.

Student Requirements

Laptop Required: Students Need to Bring: It would be good if you could provide a wired network. if not, I can carry some switches and CAT5 cables.

Objectives

Audience: Technical Skill Level: Intermediate

The key objectives of the class are:



1. Understand the problem of Injection Flaws

2. Learn a variety of advanced exploitation techniques which hackers use.

3. Understand how to fix the problem?

Instructor

Sumit Siddharth


Gold Sponsors

Aspect logo owasp.jpg AppSecDC2009-Sponsor-securicon.gif AppSecDC2009-Sponsor-mandiant.gif AppSecDC2012-ISC2.gif

Silver Sponsors

SPL-LOGO-MED.png

Small Business

AppSecDC2012-Sponsor-sideas.gif BayShoreNetworks.png

Exhibitors

link=http://www.codenomicon.com/ Codenomicon WhiteHat Logo.png AppSecDC2012-HP.jpg WSI - Logo.jpg