Injection flaws have dominated web application vulnerability lists since time immemorial. And despite OWASP reducing their ranking from 1 to 3, they are still one of the most devastating web application vulnerabilities. Efforts have been made for years to secure applications against related attacks, from new frameworks to new defensive techniques. A lot has been done, but is it enough? This course enables you to walk through dozens of hacklabs and learn how – despite defensive efforts – injection flaws persist, with drastic effects on application security. Get into the attacker mindset for 2 days and deploy over 30 fresh and novel injection attacks via our state-of-the-art hacklabs. This practical course is packed with information and delivered by professional penetration testers, well-versed in web hacking from their years of experience in the wild. By the time you leave, you’ll understand how to deploy attacks using complex injection flaws. This course will be delivered virtually.
Syllabus
Lab set up and architecture overview
- Introduction to Burp Features
Structured Query Language (SQL) injection masterclass
- Second-order injection
- Out-of-band (OOB) exploitation
- SQLi through crypto
- OS code execution via PowerShell
- Advanced topics in SQli
- Advanced SQLMap usage and web application firewall (WAF) bypass
- Pentesting GraphQL
- Introspection-based attacks on GraphQL
- SQL injection via file metadata
Extensible Markup Language (XML) external entity (XXE) attack
- XXE Basics
- Advanced XXE exploitation over OOB channels
- XXE through Security Assertion Markup Language (SAML)
- XXE in file parsing/uploads
- XXE via XInclude
Remote Code Execution (RCE)
- Java serialisation attack
- Binary
- XML
- JSON
- SerialVersionUID mismatch
- .Net serialisation attack
- PHP serialisation attack
- Python serialisation attack
- Server-side template injection
- Ruby injection
- Analysing CVE-2021-25770
- Exploiting code injection over OOB channels
- Exploiting misconfigured code control systems
Server-Side Request Forgery (SSRF)
- SSRF to query internal network
- SSRF to exploit templates and extensions
- SSRF filter bypass techniques
- SSRF exploitation in AWS
- Examples from in the wild ( Case Studies )
Miscellaneous injections
- Host header validation bypass
- HTTP parameter pollution (HPP)
- Advanced SAML injection
- Attacking Log4j to achieve RCE (Log4Shell CVE-2021-44228)
- Examples from the Wild ( Case Studies )