
The Art of Exploiting Injection Flaws

Sumit 'sid' Siddharth | December 9-10


Early: $1800 (ends Oct 24, 11:59PM EST)

Regular: $2000 (ends Dec 5, 11:59PM EST)

Late: $2300 (ends Dec 12)



As a special promotion NotSoSecure is giving away FREE on-line lab access to all attendees of the class for 1 month. This will allow them more time to practice the concepts learnt in the training.


Overview

OWASP rates injection flaws as the most critical vulnerability in its Top 10 Most Critical Web Application Security Risks, published under the OWASP Top 10 project. http://www.owasp.org/index.php/Top_10_2010-A1

Listen to Sid's podcast about the course here: http://traffic.libsyn.com/pauldotcom/PaulDotCom-329-Part2.mp3

This hands-on session focuses only on injection flaws, and attendees will get an in-depth understanding of the flaws arising from this vulnerability. The topics covered in the class are:

During the two-day course, attendees will have access to a number of challenges for each flaw and will learn a variety of exploitation techniques used by attackers in the wild. Identify, extract, escalate, execute; we have got it all covered. The following are the objectives of the course:

  1. Understand the problem of Injection Flaws
  2. Learn a variety of advanced exploitation techniques which hackers use
  3. Learn how to fix these problems


What Makes Your Course Unique?

The course is not a generic application security course; it only talks about injection flaws and covers the topic inside out. There is no other course which covers these topics in as much depth as we do. In Seattle we will showcase the 2014 version of the class, which has had a complete upgrade. The course is only available via Black Hat and other leading conferences. To make it even more awesome, we are giving all attendees FREE access to on-line labs to allow them more practice time.


Who Should Take This Course


Student Requirements

Prior knowledge of database systems and the SQL language will be an added advantage, but it's not a strict requirement.


What Students Should Bring

Students must bring their own laptop with the Windows operating system installed (either natively or running in a VM). Further, students must have administrative access to perform tasks like installing software, disabling antivirus, etc. Devices which don't have an Ethernet connection (e.g. MacBook Air, tablets, etc.) are not supported.


What Students Will Be Provided With


Trainers

Sumit "sid" Siddharth is the founder of Notsosecure Ltd, a specialist IT security firm delivering high-end IT security consultancy and training. Prior to Notsosecure, he worked as Head of Penetration Testing for a leading IT security company in the UK. He has more than 8 years of experience in penetration testing. Sid has authored a number of whitepapers and tools. He has been a speaker/trainer at many security conferences, including numerous Black Hat, DEF CON, OWASP AppSec, and HITB events. He also runs the popular IT security blog http://www.notsosecure.com/blog. Sid is also a co-author of the book SQL Injection: Attacks and Defence (2nd edition). Over the years, Sid has identified several critical flaws in leading software and helped fix these bugs. These include products from Microsoft, Oracle, Intel, WordPress, etc. He has trained several security consultants/penetration testers and helped them get better at their jobs. Sid also holds both CREST certifications (Application and Infrastructure).