Aug 28, 2013

BruCON training in the spotlights: "The Art of Exploiting Injection Flaws"

We have some great trainings lined up for you at BruCON this year.
Just to make it even harder for you to choose one, we will put some of these trainings in the spotlight.

We start with The Art of Exploiting Injection Flaws, taught by Sumit ‘Sid’ Siddharth. Sid is the contributing author of the book SQL Injection: Attacks and Defense (2nd Edition). We caught up with Sid and asked him what the USPs of the course are:

Sid: "If you do penetration testing or security consultancy as a day job and want to take your skills to the next level, then this is the right course for you. In the class we focus on Injection Flaws and only Injection Flaws and cover the topic inside out. We don’t teach people how to use sqlmap to exploit SQL injection but give people the deep underlying concepts so that they know when a tool is going to work and how the tool works. So, the next time the tool gives up working, they are not stuck.

To elaborate a bit more on this:
So, everyone’s favourite tool for web pentesting is Burp Professional. What are the SQL Injection checks which Burp does and, more importantly, what doesn’t it do? Anyone who has experience with the Burp scanner will have noticed one particular check where it injects the query “select 1” and then injects “select 1,2” and, based on the response, often reports it as a false positive SQLi. Fair enough! But why does it do that? And what happens when, 1 time out of 10, it’s not a false positive?

This is not a 101 class; we expect the audience to have a basic understanding of app security, familiarity with the SQL language and the OWASP standards. We cover advanced topics such as 2nd order injection, injection in stored procedures, double encoding/decoding etc.
The 2nd day is also niche stuff which hasn’t received as much coverage as SQL Injection. So, we cover:

  • Hibernate Query Language Injection (ORM)
  • LDAP Injection
  • XPATH Injection
  • XXE

Again, we don’t just touch the surface, but dive deep into topics like Blind LDAP/XPath injection; XPath 2.0; combining XPath and XXE to do more fun stuff!
A lot of people have told me that they have never seen XPath injection in the wild. I myself didn’t see it until I researched the topic, and in the last 2 years I have seen a fair few of them. They say knowledge is power for a reason ;-)"

There are a bunch of teaser slides about the course which can be found here:

Sid: "While I have delivered this class many times at Black Hat, AppSec etc., this is my first BruCON. So, I am quite excited about it and hope to have a good turnout."

Details and the registration link are available on the BruCON web site: here.


The BruCON crew