The Art of Exploiting Lesser Known Injection Flaws

Black Hat USA 2011

Presented by: Aleksander Gorkowienko, Sumit Siddharth
Date: Wednesday August 03, 2011
Time: 13:45 - 18:00
Location: Milano V - VIII
Track: Applied Knowledge Workshop Alpha

OWASP rates injection flaws as the most critical vulnerability within the Top 10 most Critical Web Application Security Risks under the OWASP Top 10 project. http://www.owasp.org/index.php/Top_10_2010-A1.

This hands-on session gives attendees an overview of this class of vulnerability. While topics such as SQL Injection are very well documented, there are many other injection flaws that receive far less attention. Some of these are:

The session will introduce attendees to these less popular vulnerabilities and allow them to gain in-depth knowledge of each vulnerability's impact.

Sumit Siddharth

Sumit Siddharth (sid) works as a Principal Security Consultant for 7safe in the UK. He specializes in web application and database security. Sid has been a speaker at many international conferences such as Blackhat, Defcon, Owasp, Troopers, Sec-T, etc. He has authored several white papers, tools and security advisories. Sid holds the prestigious CREST certification and also runs the popular IT security blog www.notsosecure.com.

Aleksander Gorkowienko

Aleksander Gorkowienko is a Senior Information Security Consultant and Penetration Tester at 7Safe Ltd. (UK). He has worked in the IT industry since 1997 and has always been happy to play with various high-tech toys. With a wide range of interests and rich business experience (development, design and maintenance of software, and dealing with various IT systems), he is now deeply involved in the IT security field. Every day he helps to strengthen the security of business applications and corporate infrastructure for enterprises across the UK: banks, e-commerce, production, public sector, etc. He is especially interested in database and application security (web applications and Windows apps). He is also responsible for preparing and delivering training courses (e.g. Certified Application Security Tester - CAST, or Secure Coding for Web Developers) and for creating a variety of hacking challenges.
