Ends Tomorrow! Save $400 on 4-6 day Courses at SANS Tysons Corner Fall 2017.

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

The Secrets of Exploiting Local and Remote File Inclusion

  • Wednesday, May 22nd, 2013 at 4:00 AM EDT (08:00:00 UTC)
  • Justin Searle
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

Sponsor

  • RSA Conference

You can now attend the webcast using your mobile device!

Overview

Join us for a two part webcast and taste a sample of SANS's new 6-day course SEC642: Advanced Web App Penetration Testing and Ethical Hacking. These webcasts will delve into the secrets of exploiting local file include (LFI) and remote file include (RFI) vulnerabilities. And if you thought LFI and RFI vulnerabilities only affected PHP web applications, think again. We'll take you through the techniques to find and exploit these flaws in .NET, Java, and our good old friend that has long since held the reputation of containing file inclusion vulnerabilities, PHP. We'll reveal tricks how to prevent the web server from executing code in its server-side source files allowing you to retrieve the source code you shouldn't be able to see. We'll also teach you how to get your own code up to the server for arbitrary code execution through those file inclusion vulnerabilities. Don't miss this opportunity to sample one of our hottest classes, SEC642, the sequel to our original 6-day web penetration class SEC542.

Speaker Bio

Justin Searle

Justin is a Managing Partner of UtiliSec, specializing in Smart Grid security architecture design and penetration testing. Justin led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and currently plays key roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP). Justin has taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities, corporations, and security conferences, and is currently an instructor for the SANS Institute. In addition to electric power industry conferences, Justin frequently presents at top security conferences such as Black Hat, DEFCON, OWASP, and AusCERT. Justin co-leads prominent open source projects including the Samurai Web Testing Framework, Middler, Yokoso!, and Laudanum. Justin has an MBA in International Technology and is a CISSP and SANS GIAC certified Incident Handler (GCIH), Intrusion Analyst (GCIA), and Web Application Penetration Tester (GWAPT).

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.