SQL Injection Exploited

  • Friday, August 8th, 2014 at 1:00 PM EDT (17:00:00 UTC)
  • Micah Hoffman
This webcast has been archived.

Overview

For almost two decades, attackers have been exploiting web applications using SQL injection attacks, gaining access to database content and compromising systems. We have probably all seen news reports that thousands or millions of database records were stolen from a company's web application through SQL injection, or perhaps reports of attackers breaking into a government organization and compromising its systems through a similar flaw. But how many of us have actually seen what SQL injection looks like? How many of us have seen someone exploit a system using it? That is what this talk and demo are about.

Come learn about SQL injection, what it is and how to prevent it. But mostly, come to this talk to see a demonstration of a web application being exploited using manual and automated SQL injection techniques. Attendees will leave the talk with a better understanding of the vulnerability, attacker capabilities, and appropriate places where they can try exploiting a system using SQL injection themselves!

Speaker Bio

Micah Hoffman

Micah Hoffman has been active in the information technology field since 1998, working with federal government, commercial, and internal customers to discover and quantify cybersecurity weaknesses within their organizations. As a highly active member of the cybersecurity and OSINT communities, Micah uses his real-world Open-Source Intelligence (OSINT), penetration testing, and incident response experience to provide customized solutions to his customers and comprehensive instruction to his students.

Over the years, Micah has conducted cyber-related tasks like penetration testing, OSINT investigations, APT hunting, and risk assessments for government, internal, and commercial customers. Micah's SANS coursework, cybersecurity expertise, and inherent love of teaching eventually pulled him toward an instructional role, and he's been a SANS Certified Instructor since 2013. He's the author of the SANS course SEC487: Open Source Intelligence Gathering and Analysis, and also teaches both SEC542: Web App Penetration Testing and Ethical Hacking and SEC567: Social Engineering for Penetration Testers.
