exploiting SQL injection using second-order attacks, filter bypasses, query chaining and fully blind exploitation;
breaking authentication and access control mechanisms;
reverse engineering ActiveX and Java applets to bypass client-side controls;
exploiting cross-site scripting to log keystrokes, port scan the victim’s computer and network, and execute custom payloads;
exploiting LDAP and command injection; and
uncovering common logic flaws found in web applications.
Class numbers have just been extended due to popular demand, so sign up quickly if you'd like to attend. If you are in Amsterdam but not on the course, let me know and we can catch up.