Apologies that this post is fairly nonsensical. I've put my raw NZ TechEd 2011 notes up here for my reference. I'd like to think that I'll refine them over time, but that probably won't be the case.
TechEd Online
1st Phase is discovery
Cross Site Scripting (XSS)
Javascript rendered back to another client. E.g. Embedding the <script> tag in a comment box. Weaponized XSS Attack - allows for interaction with the clients browser by the third party. Reflected XSS XSS Forgery Using twitter feeds for XSS attacks. Paros - local proxy Burp proxy Very important to check that the credit card authorized amount was the amount expected amount.
SQL injection attack
SQLMAP - python script exec xp_cmdshell'dir c:\'-- www.owasp.org 20 September 2011 www.kiwicon.org 5&6 November 2011 www.ruxcon.org.au 19 & 20 November 2011
