Riding the Magical Code Injection Rainbow – Daniel Crowley
Text to Speech Voices
Friday October 25, 2013 11:00am - 11:45am
Gemalto Room (Norris Conference Center, 2525 W. Anderson Lane, Suite 365, Austin, Texas 78757)
Attack Track
There are many intentionally vulnerable web applications available for people to learn how to exploit various types of flaws. Unfortunately, many of them have only the most basic and easily exploited examples of flaws. In order to work with a more complex version of a flaw, it's usually necessary to write your own vulnerable application or modify an existing one.
There is another option! The Magical Code Injection Rainbow! MCIR is a framework for building configurable vulnerable applications. This presentation will demonstrate the use of the existing MCIR applications such as SQLol (for SQL injection) and XMLmao (for XML and XPath injection), teach advanced exploitation techniques in SQL injection; XPath injection; cross-site scripting; and shell command injection, discuss the exploitation of insecure cryptosystems and discuss how to use the MCIR framework to build your own configurable vulnerable application.
Likes: 0
Viewed:
source
Gloss