Overview
This course explores novel pathways to Remote Code Execution (RCE) in web frameworks through the DataBinding mechanism. Participants will learn about the security vulnerabilities in DataBinding and how they can lead to RCE. The course aims to enhance understanding of DataBinding security issues in popular web frameworks such as Spring, Struts, Grails, and Ruby on Rails. The intended audience for this course includes web developers, security professionals, and individuals interested in web application security. The teaching method involves a comprehensive analysis of security bugs in DataBinding mechanisms and their exploitation for RCE.
Syllabus
DataBinding2Shell: Novel Pathways to RCE Web Frameworks
Taught by
Black Hat