The Art of Exploiting Injection Flaws@Black hat Vegas 2013

Hello All,

The popular course on Injection Flaws will return to Las Vegas at Black hat 2013. The 2 days hands on course covers Injection flaws and ONLY injection flaws. We dont talk about XSS, CSRF, CRLF etc etc. I think, 2 days is not enough time to learn the entire web application security and thus I only focus on Injection Flaws.

I will be appearing on the famous podcast pauldotcom and giving a little insight on the course on April 25th 7PM ET.

A little write-up about this can be found here:

In short, the USP of course are:

Advanced/Insane SQLI
Examples where SQLI gets un-detected by commercial tools
Advanced XPATH Injection (including 2.0)
Advanced LDAP Injection
Advanced HQLI/ORM Injection
Advanced XXE Injection, including blind XXE

The course page can be found here

See you in Vegas!