{"id":843,"date":"2013-08-28T15:01:00","date_gmt":"2013-08-28T15:01:00","guid":{"rendered":"https:\/\/www-new.brucon.org\/2018\/2013\/08\/28\/brucon-training-in-the-spotlights-the-art-of-exploiting-injection-flaws\/"},"modified":"2013-08-28T15:01:00","modified_gmt":"2013-08-28T15:01:00","slug":"brucon-training-in-the-spotlights-the-art-of-exploiting-injection-flaws","status":"publish","type":"post","link":"https:\/\/archive.brucon.org\/2018\/2013\/08\/28\/brucon-training-in-the-spotlights-the-art-of-exploiting-injection-flaws\/","title":{"rendered":"BruCON training in the spotlights: “The Art of Exploiting Injection Flaws”"},"content":{"rendered":"
<\/a>We have some great trainings<\/a> lined up for you at BruCON this year.
Just to make it even harder for you to choose one, we will put some of these trainings in the spotlight.<\/p>\n

We start with The Art of Exploiting Injection Flaws<\/a>, taught by Sumit \u2018Sid\u2019 Siddharth. Sid is the contributing author of the book SQL Injection: Attacks and Defense (2nd Edition)<\/a>. We caught up with Sid and asked him what the USPs of the course are:<\/p>\n

Sid:<\/u><\/b> “If you do penetration testing or security consultancy as a day job and want to take your skills to the next level, then this is the right course for you. In the class we focus on Injection Flaws and only Injection Flaws and cover the topic inside out. We don\u2019t teach people how to use sqlmap to exploit sql injection but give people deep underlying concepts so that they know when a tool is going to work and how the tool does work. So, next time when the tool gives up working, they are not stuck. <\/i>

<\/i>To elaborate a bit more on this:<\/i>
So, everyone\u2019s favourite tool is BURP Professional to carry out web pentesting. What are the SQL Injection checks which burp does and more importantly what it doesn\u2019t do? Anyone who has experience with BURP scanner would have noticed 1 particular check where it injects the query \u201cselect 1\u201d and then inject \u201cselect 1,2\u201d and based on the response often reports it as false positive SQLI. Fair enough! But why does it do that? And what happens when this 1 time out of 10 it\u2019s not a false positive?<\/i>

<\/i>This is not a 101 class, we expect audience to have a basic understanding of app security, familiarisation with SQL language and OWASP standards. We cover advance topics such as 2nd order injection, injection in stored procedures, double encoding\/decoding etc.<\/i>
The 2nd day is also niche stuff which hasn\u2019t received as much coverage as SQL Injection. So, we cover:<\/i><\/p>\n