Your browser has been detected as Internet Explorer 6. Please note not all website functionality will be available. Therefore we strongry reccoment upgrading your browser.

Careers at 7Safe

Penetration Testing

Computer Forensics

About Us

Testing Services

Vulnerability assessment
7Safe’s vulnerability assessment and vulnerability testing service goes beyond simple automated tools and includes manual verification and the eyes of a real penetration testing team.
Penetration testing
Penetration testing, pen testing or sometimes known as “ethical hacking” is a security testing service that focuses on locating flaws in your networks, infrastructure and overall architecture.
Application testing
Our Application testing falls into several categories including web application testing, application security, remote access applications etc and involves intricate security testing to establish weaknesses and flaws.
Web application testing
A service that examines your web applications and web application security - from coding and implementation flaws through to simple issues including SQL injection and cross site scripting.
Database
7Safe is an authority on Database security testing which closely links with overall application security and web application security together with in-depth analysis of database security design and implementation.
Wireless security testing
A security testing service to assess the vulnerability of wireless security in the workplace and to establish how best to protect wireless networks.
PCI penetration testing
7Safe operates in the field Payment Card Industry Data Security Standard (PCI DSS) and PCI Compliance undertaking penetration testing for client Cardholder Data Environments (CDE).

7Safe Services

Follow us

CREST Approved Pen Testing services

News & Events

Using Powershell to do the Nasty 07/03/2013
Meet 7Safe at Black Hat, Abu Dhabi 2012 04/12/2012
LinkedIn Breach Commentary 08/06/2012

Subscribe To Our Newsletter

16th August, 2011

‘The Art of Exploiting Lesser Known Injection Flaws’ revealed at Black Hat

The audience at Black Hat, Las Vegas were recently engaged by an interactive workshop titled ‘The Art of Exploiting Lesser Known Injection Flaws’ presented by 7Safe renowned security researchers Sumit Siddarth and Aleksander Gorkowienko.

The aim of the workshop was to provide an in-depth knowledge of some injection techniques which are not as commonly known as SQL Injection. The following topics were covered in this workshop:

• XPATH Injection
• LDAP Injection
• Hibernate Query Language Injection
• XML Entity Injection

The workshop provided participants with a unique opportunity to gain insightful information, allowing them to master the exploitation techniques and gain an in-depth knowledge of the impact of the vulnerabilities.

Two key tools were released and presented during the session: “LDAP Blind Explorer” and “XPATH Blind Explorer”, which allow quick and easy exploitation of the subsequent injection flaws. For instance, XPATH Blind Explorer allows extracting full XML document from the back system. Watch the videos below for a clear demonstration of how the tools can be used in practice:

LDAP Blind explorer in action:

XPATH Blind Explorer in action:

Both the tools (with the source code) can be downloaded from here:
http://code.google.com/p/ldap-blind-explorer/

http://code.google.com/p/xpath-blind-explorer/

Rating: 0.0/5 (0 votes cast)

ISO 27001 & 9001

7Safe London
123 Buckingham Palace Road
London, SW1W 9SR
United Kingdom

Tel: +44 (0)870 600 1667
Fax: +44 (0)122 328 1114

7Safe Cambridge
Cambridge Technology Centre
Melbourn, Herts SG8 6DP
United Kingdom

Tel: +44 (0)870 600 1667
Fax: +44 (0)122 328 1114