Exploiting esoteric SQL injection vulnerabilities

  • Tuesday, 20 Feb 2018 10:30AM EST (20 Feb 2018 15:30 UTC)
  • Speaker: Bojan Zdrnja

In spite of being at #1 in the OWASP Top 10 list of vulnerabilities since 2010, and posing an extreme risk, SQL injection is still the most common vulnerability identified in web applications, no matter which language or framework is used.

We cover many examples on day 3 of the SEC542: Web App Penetration Testing and Ethical Hacking course.

In this webcast we will explain the basics behind SQL injection vulnerabilities and will then look at a few special examples where exploits were discovered on systems thought to be protected or impossible to exploit.

We will demonstrate how we can extract information from the backend databases by cleverly stimulating vulnerable web applications to extract one byte of data at a time.

If you are a red team member focused on web applications, or a blue-team-focused defender, and wish to see how these attacks work, we invite you to join us.