Boston 2014

Boston, MA | Mon, Jul 28, 2014 - Sat, Aug 2, 2014
This event is over,
but there are more training opportunities.

SQL Injection Exploited

  • Micah Hoffman
  • Wednesday, July 30th, 7:15pm - 8:15pm

For almost two decades attackers have been exploiting web applications using SQL injection attacks, gaining access to database content and compromising systems. We have probably all seen news reports that thousands or millions of database records were stolen from a company's web application through SQL injection. Or perhaps about attackers breaking into a government organization and compromising their systems through a similar flaw. But how many of us have actually seen what SQL injection looks like? How many of us have seen someone exploit a system using it? That is what this talk and demo is about.

Come learn about SQL injection, what it is and how to prevent it. But mostly, come to this talk to see a demonstration of a web application being exploited using manual and automated SQL injection techniques. Attendees will leave the talk with a better understanding of the vulnerability, attacker capabilities, and appropriate places where they can try exploiting a system using SQL injection themselves!


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
  • Vendor: Events hosted by external vendor exhibitors.
  • Lunch & Learn: Short presentations given during the lunch break.

Monday, July 28

| Session | Speaker | Time | Type |
|---|---|---|---|
| General Session - Welcome to SANS | Jason Fossen | Monday, July 28th, 8:15am - 8:45am | Special Events |
| APT: It is Time to Act | Dr. Eric Cole | Monday, July 28th, 7:15pm - 9:15pm | Keynote |

Tuesday, July 29

| Session | Speaker | Time | Type |
|---|---|---|---|
| Continuous Ownage: Why you Need Continuous Monitoring | Seth Misenar and Eric Conrad | Tuesday, July 29th, 7:15pm - 8:15pm | SANS@Night |
| The Bot inside the Machine | Johannes Ullrich | Tuesday, July 29th, 8:15pm - 9:15pm | SANS@Night |

Wednesday, July 30

| Session | Speaker | Time | Type |
|---|---|---|---|
| Vendor Showcase | | Wednesday, July 30th, 10:30am - 10:50am | Vendor Event |
| Top 5 Myths of Data Breaches | Brian Kaye, Regional Account Manager, Firemon | Wednesday, July 30th, 12:30pm - 1:15pm | Lunch and Learn |
| Next Generation Firewalls | Jeff Eckley, Sales Manager, Infogressive | Wednesday, July 30th, 12:30pm - 1:15pm | Lunch and Learn |
| Vendor Showcase | | Wednesday, July 30th, 3:00pm - 3:20pm | Vendor Event |
| Windows Exploratory Surgery with Process Hacker | Jason Fossen | Wednesday, July 30th, 7:15pm - 8:45pm | SANS@Night |
| SQL Injection Exploited | Micah Hoffman | Wednesday, July 30th, 7:15pm - 8:15pm | SANS@Night |

Thursday, July 31

| Session | Speaker | Time | Type |
|---|---|---|---|
| Infosec Rock Star: How to be a More Effective Security Professional | Ted Demopoulos | Thursday, July 31st, 7:15pm - 8:15pm | SANS@Night |
| SIFT Workstation - The Art of Incident Response | Rob Lee | Thursday, July 31st, 7:15pm - 8:15pm | SANS@Night |
| Logs, Logs, Every Where / Nor Any Byte to Grok | Phil Hagen | Thursday, July 31st, 8:15pm - 9:15pm | SANS@Night |

Friday, August 1

| Session | Speaker | Time | Type |
|---|---|---|---|
| SANS 8 Mobile Device Security Steps | Chris Crowley | Friday, August 1st, 7:15pm - 8:15pm | SANS@Night |