homepage
Open menu
Contact Sales

Exploiting esoteric SQL injection vulnerabilities

  • Tuesday, 20 Feb 2018 10:30AM EST (20 Feb 2018 15:30 UTC)
  • Speaker: Bojan Zdrnja

In spite of 'being at #1 in the OWASP Top 10 \list of vulnerabilities" since 2010, 'and posing an extreme risk ' SQL injection are still the most common 'vulnerability identified in 'web applications, no matter which language or 'framework is used.

We cover 'many examples on day 3 of the SEC542: Web App Penetration Testing and Ethical 'Hacking course.

In this 'webcast we will explain the basics behind SQL injection vulnerabilities and 'will then look at a few special examples where exploits were discovered on'systems thought'to be protected or not possible to be exploited.

We will'look demonstrate how we can extract information from the backend databases by cleverly'stimulating vulnerable web applications to extract one byte of data at a time.

If you are 'a red team member focused on web applications, or a blue team focused defender 'and which to see how these attacks work, we invite you to join us.

Login to Register

Related Content

Blog
N2C_blog_image.png
Security Awareness, Cybersecurity Leadership, Cloud Security, Open-Source Intelligence (OSINT), Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting, Cybersecurity and IT Essentials, Cyber Defense, Offensive Operations, Pen Testing, and Red Teaming, CyberLive, Workforce Development, Career Development, Why Certify, Imposter Syndrome, NetWars, Mentorship, Job Hunting, Operating System & Device In-Depth, Artificial Intelligence (AI)
A Visual Summary of SANS New2Cyber Summit 2024
Check out these graphic recordings created in real-time throughout the event for SANS New2Cyber Summit 2024
370x370-person-placeholder.png
Alison Kim
read more
Blog
HackFest_blog_image.png
Offensive Operations, Pen Testing, and Red Teaming, Open-Source Intelligence (OSINT), Penetration Testing and Red Teaming
A Visual Summary of SANS HackFest Summit
Check out these graphic recordings created in real-time throughout the event for SANS HackFest Summit 2023
370x370-person-placeholder.png
Alison Kim
read more
Blog
Offensive Operations, Pen Testing, and Red Teaming, Penetration Testing and Red Teaming
SEC670 Prep Quiz Answers
Answers for the SEC670 Prep Quiz. For more details about the course and the quiz, please clickthrough to see the quiz article.
370x370_jonathan-reiter.jpg
Jonathan Reiter
read more