Save $350 on Cyber Security Training at SANS Anaheim 2019. Ends 12/19!


To attend this webcast, login to your SANS Account or create your Account.

Secrets of Exploiting Blind SQL Injection

  • Wednesday, April 30th, 2014 at 1:00 PM EDT (17:00:00 UTC)
  • Justin Searle
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.


  • HP

You can now attend the webcast using your mobile device!


Join us for a follow up to the "Secrets of Exploiting" series, a series of webcasts giving you sneak peaks into one of hottest new SANS classes, SEC642: Advanced Web App Penetration Testing and Ethical Hacking. In this webcast, we'll take a deeper look at how to exploit blind SQL injection vulnerabilities. Since blind SQL vulnerabilities do not inherently return data from the database, we have to find other ways to retrieve the data we want. This webcast will discuss how we can overcome these limitations through four different exfiltrate methods including single line retrieval, error messages, boolean indicators, and attacker controlled timing delays. More importantly, we'll show you how this can be automatically done with sqlmap so you don't have to become a DBA to launch these types of attacks.

Speaker Bio

Justin Searle

Mr. Searle is Director of Industrial Control Systems (ICS) Security at InGuardians, an independent information security consulting company providing high-value services including penetration testing, security assessments, threat hunting, and incident response. He is also a Senior Instructor for the SANS Institute, having taught core ICS security courses including  “ICS/SCADA Security Essentials” and “Assessing and Exploiting Control Systems.” Justin led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and played key roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG). He currently leads the testing group at the National Electric Sector Cybersecurity Organization Resources (NESCOR).

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.