Rocky Mountain 2014

Denver, CO | Mon, Jun 9 - Sat, Jun 14, 2014

SQL Injection Exploited

  • Micah Hoffman
  • Wednesday, June 11th, 8:15pm - 9:15pm

For almost two decades, attackers have been exploiting web applications using SQL injection attacks, gaining access to database content and compromising systems. We have probably all seen news reports that thousands or millions of database records were stolen from a company's web application through SQL injection. Or perhaps about attackers breaking into a government organization and compromising their systems through a similar flaw. But how many of us have actually seen what SQL injection looks like? How many of us have seen someone exploit a system using it? That is what this talk and demo are about.

Come learn about SQL injection, what it is and how to prevent it. But mostly, come to this talk to see a demonstration of a web application being exploited using manual and automated SQL injection techniques. Attendees will leave the talk with a better understanding of the vulnerability, attacker capabilities, and appropriate places where they can try exploiting a system using SQL injection themselves!

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
  • Vendor: Events hosted by external vendor exhibitors.
  • Lunch & Learn: Short presentations given during the lunch break.

Additional Sessions

Session | Speaker | Type
SANS Technology Institute Open House | | Special Events

Monday, June 9

Session | Speaker | Time | Type
General Session - Welcome to SANS | Dr. Eric Cole | Monday, June 9th, 8:15am - 8:45am | Special Events
APT: It is Time to Act | Dr. Eric Cole | Monday, June 9th, 7:15pm - 9:15pm | Keynote

Tuesday, June 10

Session | Speaker | Time | Type
Continuous Ownage: Why you Need Continuous Monitoring | Seth Misenar | Tuesday, June 10th, 7:15pm - 8:15pm | SANS@Night
No Budget Implementation of the SANS 20 Security Controls | Russell Eubanks | Tuesday, June 10th, 8:15pm - 9:15pm | SANS@Night

Wednesday, June 11

Session | Speaker | Time | Type
Vendor Showcase | | Wednesday, June 11th, 10:30am - 10:50am | Vendor Event
Fortinet Next Generation Firewalls | | Wednesday, June 11th, 12:30pm - 1:15pm | Lunch and Learn
Taking Your Training to Work: A Practical Approach to Operationalizing SANS Critical Security Control for Information Security Management | Chuck Mackey, Sequris Group | Wednesday, June 11th, 12:30pm - 1:15pm | Lunch and Learn
The User is the Target: Spear-phishing, Watering Hole Attacks, Drive-by Downloads | Shawn Munoz, Sales Engineer, Invincea | Wednesday, June 11th, 12:30pm - 1:15pm | Lunch and Learn
Vendor Showcase | | Wednesday, June 11th, 12:30pm - 1:15pm | Vendor Event
Vendor Showcase | | Wednesday, June 11th, 3:00pm - 3:20pm | Vendor Event
Selling Security to Decision Makers | Doc Blackburn | Wednesday, June 11th, 7:15pm - 8:15pm | SANS@Night
SQL Injection Exploited | Micah Hoffman | Wednesday, June 11th, 8:15pm - 9:15pm | SANS@Night

Thursday, June 12

Session | Speaker | Time | Type
An Introduction to PowerShell for Security Assessments | James Tarala | Thursday, June 12th, 7:15pm - 8:15pm | SANS@Night

Friday, June 13

Session | Speaker | Time | Type
DLP FAIL!!! Using Encoding, Steganography and Covert Channels to Evade DLP and Other Critical Controls | Kevin Fiscus | Friday, June 13th, 7:15pm - 8:15pm | SANS@Night