SQL Injection Exploited
- Friday, August 8th, 2014 at 1:00 PM EDT (17:00:00 UTC)
- Micah Hoffman
You can now attend the webcast using your mobile device!
For almost two decades attackers have been exploiting web applications using SQL injection attacks; gaining access to database content and compromising systems. We have probably all seen news reports that thousands or millions of database records were stolen from a company's web application through SQL injection. Or perhaps about attackers breaking into a government organization and compromising their systems through a similar flaw. But how many of us have actually seen what SQL injection looks like? How many of us have seen someone exploit a system using it? That is what this talk and demo is about.
Come learn about SQL injection, what it is and how to prevent it. But mostly, come to this talk to see a demonstration of a web application being exploited using manual and automated SQL injection techniques. Attendees will leave the talk with a better understanding of the vulnerability, attacker capabilities, and appropriate places where they can try exploiting a system using SQL injection themselves!
Micah Hoffman has been working in the information technology field since 1998 supporting federal government, commercial, and internal customers in their searches to discover and quantify information security weaknesses within their organizations. He leverages years of hands-on, real-world penetration testing and incident response experience to provide unique solutions to his customers. Micah holds GIAC's GAWN, GWAPT, and GPEN certifications as well as the CISSP. Micah is an active member in the NoVAHackers group, has written Recon-ng and Nmap testing tool modules and enjoys tackling issues with the Python scripting language. When not working, teaching, or learning, Micah can be found hiking or backpacking on Appalachian Trail or the many park trails in Maryland. Catch him on Twitter @WebBreacher.