USA 2015: Never Too Early: Web App Security

We admit: Given that this is February, August's Black Hat USA 2015 still feels quite a ways off... and it is! But we've got such an impressive array of programming this year that we can't help but want to start sharing. So welcome to the first intel update for Black Hat USA 2015, of many to come. And here, too, is your first reminder to take advantage of our early-bird registration rates. Got it? Good. Now let's talk web application vulnerability Trainings.

In 2002 SensePost released one of the first SQL injection tools, Mieliekoek, and in 2007 released Squeeza, a tool that exfiltrated data from compromised databases through various channels (DNS, timing, HTTP error messages). They own the application layer, and HBN Reloaded: Web Application Bootcamp reflects that. Come learn the fundamental tools of the trade, basic intel, and all manner of attacks, including SQL injection on various platforms, XML and XML entity injection, XPath and LDAP injection, cross-site scripting (reflective, persistent, and DOM-based), and much more. Two days of hands-on hacking await.

Or maybe you'd prefer a Training from MDSec, who are justifiably proud of their Web Application Hacker's Handbook series, which they believe to be the deepest and most comprehensive general-purpose guide to web application hacking available. MDSec's Web Application Hacker's Handbook - Live will follow the second edition of the Handbook, giving you a strong base before launching into topics like how to quickly and efficiently pinpoint and exploit web vulnerabilities, turn XSS/CSRF vulnerabilities into full account compromise, and immediately recognize and exploit logic flaws.

If not that, then perhaps you'd care to focus on injection flaws, which OWASP rates the most critical web vulnerability in its Top 10 Most Critical Web Application Security Risks. The Art of Exploiting Injection Flaws will delve into all manner of injection attacks, including SQL injection, XPath injection, LDAP injection, Hibernate Query Language injection, direct OS code injection, and XML entity injection. By the end you'll thoroughly understand injection attacks, how attackers perpetrate them, and how best to defend against them. Not a bad two days' work.

As ever, Black Hat USA 2015 will occur at the lovely Mandalay Bay resort in Las Vegas. It goes down August 1-6, so there's plenty of time to lock in those sweet early-bird discounts.
