Injection vulnerabilities exist within web services as well although seldom detected and exploited. We will take a look at a simple RESTful web service, discuss various web methods it support and understand data flow.

We will then take a look at detecting and exploiting a SQL injection vulnerability, accessing the backend datastore and exfiltrating it using the browser. This will be a hands on session. Participants are advised to bring their laptops.


Riyaz Walikar

I like photography, stargazing, collecting stamps and fishing.


Starts at Saturday February 28 2015, 10:00 AM. The sessions runs for about 3 hours.