The Art of Exploiting Lesser Known Injection Flaws

OWASP rates injection flaws as the most critical vulnerability within the Top 10 most Critical Web Application Security Risks under the OWASP Top 10 project. http://www.owasp.org/index.php/Top_10_2010-A1.

This hands-on session gives attendees an over-view of this vulnerability. While topics such as SQL Injection are very well documented, there are quite a lot of other injection flaws which are not much talked about. Some of these are:

  • XPATH Injection
  • LDAP Injection
  • Hibernate Query Language Injection
  • Direct OS Code Injection
  • XML Entity Injection

This hands-on session will introduce the attendees to such less popular vulnerabilities and allow the attendees to gain an in-depth knowledge of the impact of the vulnerability.

Presented by