OWASP rates injection flaws as the most critical vulnerability in its Top 10 Most Critical Web Application Security Risks, published under the OWASP Top 10 project: https://www.owasp.org/index.php/Top_10_2013-A1-Injection
This hands-on session focuses only on injection flaws, and attendees will get an in-depth understanding of the flaws arising from this vulnerability. The topics covered in the class are:
- SQL Injection
- XPATH Injection
- LDAP Injection
- Hibernate Query Language Injection
- Direct OS Code Injection
- XML Entity Injection
During the two-day course, attendees will have access to a number of challenges for each flaw, and they will learn a variety of exploitation techniques used by attackers in the wild. Identify, extract, escalate, execute; we have got it all covered. The following are the objectives of the course:
- Understand the problem of Injection Flaws
- Learn a variety of advanced exploitation techniques which hackers use
- Learn how to fix these problems