Tuesday, March 11, 2008

Web application security training - Black Hat Europe

Marcus (my co-author for The Web Application Hacker's Handbook) and I will be in Amsterdam later this month for Black Hat. As before, we'll be delivering the Web Application (In)security course. It covers practical techniques for attacking web applications, from the most basic hacks through to advanced exploitation methods, and is a roughly equal mix of presentations and hands-on lab sessions. Some highlights include:
  • exploiting SQL injection using second-order attacks, filter bypasses, query chaining and fully blind exploitation;

  • breaking authentication and access control mechanisms;

  • reverse engineering ActiveX and Java applets to bypass client-side controls;

  • exploiting cross-site scripting to log keystrokes, port scan the victim’s computer and network, and execute custom payloads;

  • exploiting LDAP and command injection; and

  • uncovering common logic flaws found in web applications.

Class numbers have just been extended due to popular demand, so sign up quickly if you'd like to attend. If you are in Amsterdam but not on the course, let me know and we can catch up.