
Exploiting esoteric SQL injection vulnerabilities

  • Tuesday, February 20th, 2018 at 10:30 AM EST (15:30:00 UTC)
  • Bojan Zdrnja
This webcast has been archived; the recording and slides are available to SANS Portal account holders.

Overview

In spite of sitting at #1 on the OWASP Top 10 list since 2010, and posing an extreme risk, SQL injection is still the most common vulnerability identified in web applications, no matter which language or framework is used.

We cover many examples on day 3 of the SEC542: Web App Penetration Testing and Ethical Hacking course.

In this webcast we will explain the basics behind SQL injection vulnerabilities and then look at a few special examples where exploits were discovered on systems that were thought to be protected or considered impossible to exploit.

We will demonstrate how information can be extracted from backend databases by carefully crafting requests to vulnerable web applications so that one byte of data is recovered at a time.
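The mechanism behind that byte-at-a-time extraction is a boolean oracle: when user input is concatenated into a query, an injected condition changes whether the application returns a row, and that yes/no difference leaks information. The following is an added example, not material from the webcast or the speaker, that puts a vulnerable lookup beside its parameterized form against a constructed in-memory SQLite table; all table contents and function names are assumptions made for the illustration.

```python
import sqlite3


def make_db():
    """Build a constructed sample database (in-memory, so the example runs offline)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, secret) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],  # constructed sample rows
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable pattern: the input is spliced into the SQL text, so the database
    parses attacker-controlled characters as part of the query structure."""
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Hardened pattern: placeholder binding. The input is only ever compared as a
    string value and cannot change the shape of the statement."""
    return conn.execute(
        "SELECT username FROM users WHERE username = ?", (username,)
    ).fetchall()


def behaves_as_boolean_oracle(lookup, conn):
    """Return True if appending a true condition and a false condition to an
    otherwise valid username yields different results. A lookup that answers
    differently is leaking one bit per request, which is exactly what
    byte-at-a-time extraction relies on; a safe lookup answers identically."""
    true_case = lookup(conn, "alice' AND 1=1 --")
    false_case = lookup(conn, "alice' AND 1=2 --")
    return true_case != false_case


if __name__ == "__main__":
    db = make_db()
    # Both forms behave identically on benign input ...
    print("benign, vulnerable:    ", lookup_vulnerable(db, "alice"))
    print("benign, parameterized: ", lookup_parameterized(db, "alice"))
    # ... but only the concatenating form acts as an oracle.
    print("oracle, vulnerable:    ", behaves_as_boolean_oracle(lookup_vulnerable, db))
    print("oracle, parameterized: ", behaves_as_boolean_oracle(lookup_parameterized, db))
```

The defensive takeaway is that the parameterized lookup never becomes an oracle, regardless of what the input contains: the literal string `alice' AND 1=1 --` simply matches no username. Reviewing code for any place a query string is assembled with formatting or concatenation is therefore a more reliable control than trying to filter the inputs.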

If you are a red team member focused on web applications, or a blue-team defender who wishes to see how these attacks work, we invite you to join us.

Speaker Bio

Bojan Zdrnja

Bojan worked for 5 years in the Faculty of Electrical Engineering at the University of Zagreb (Croatia) until 2002, when he moved to New Zealand. He was the team leader in several enterprise security projects for large customers, as well as a member of several Incident Response Teams in the Croatian CERT. At the University of Auckland he architected and implemented the entire enterprise e-mail system. In 2008 Bojan moved back to Croatia.

For years Bojan had a security column in a computer magazine in Croatia (Mreza). He wrote a book about computer viruses ("What are computer viruses", published in Croatia) and co-wrote a chapter in "AVIEN Malware Defense Guide for the Enterprise", a book released by Syngress in 2007.

He is probably best known for his diaries for the SANS Internet Storm Center, in which he regularly analyzes new threats.
