Advanced SQL Injection - Revision history

Johanna Curiel at 22:17, 2 October 2015

2015-10-02T22:17:01Z

Leeannehart at 15:31, 20 October 2009

2009-10-20T15:31:39Z

Mark.bristow: /* The presentation */

2009-08-12T01:08:27Z

‎The presentation

Jeremy.long at 20:25, 3 August 2009

2009-08-03T20:25:40Z

Jeremy.long: Created page with '== The presentation == rightSQL Injection is a vulnerability that is often missed by web application security scanners, and it's a vulnerability…'

2009-08-03T20:04:57Z

Created page with '== The presentation == rightSQL Injection is a vulnerability that is often missed by web application security scanners, and it's a vulnerability…'

New page

== The presentation ==

[[Image:Owasp_logo_normal.jpg|right]]SQL Injection is a vulnerability that is often missed by web application security scanners, and it's a vulnerability that is often rated as NOT exploitable by security testers when it actually can be exploited. Advanced SQL Injection is a presentation geared toward showing security professionals advanced exploitation techniques for situations when you must prove to the customer the extent of compromise that is possible. The key areas are: * IDS Evasion & Web Application Firewall Bypass * Privilege Escalation * Re-Enabling stored procedures * Obtaining an interactive command-shell * Data Exfiltration via DNS Note: This presentation now has updated material!!!!

== The speakers ==

Joe McCray has 8 years of experience in the security industry with a diverse background that includes network and web application penetration testing, forensics, training, and regulatory compliance. Joe is a frequent presenter at security conferences, and has taught the CISSP, CEH, CHFI, Security+, and Web Application Security at Johns Hopkins University (JHU), University of Maryland Baltimore College (UMBC), and several other technical training centers across the country.

[[Category:OWASP_AppSec_DC_09]] [[Category:OWASP_Conference_Presentations]]

← Older revision		Revision as of 22:17, 2 October 2015
Line 9:		Line 9:
	Joe McCray has 8 years of experience in the security industry with a diverse background that includes network and web application penetration testing, forensics, training, and regulatory compliance. Joe is a frequent presenter at security conferences, and has taught the CISSP, CEH, CHFI, Security+, and Web Application Security at Johns Hopkins University (JHU), University of Maryland Baltimore College (UMBC), and several other technical training centers across the country.		Joe McCray has 8 years of experience in the security industry with a diverse background that includes network and web application penetration testing, forensics, training, and regulatory compliance. Joe is a frequent presenter at security conferences, and has taught the CISSP, CEH, CHFI, Security+, and Web Application Security at Johns Hopkins University (JHU), University of Maryland Baltimore College (UMBC), and several other technical training centers across the country.

−	[[Category:OWASP_AppSec_DC_09~~]] [[Category:OWASP_Conference_Presentations~~]]	+	[[Category:OWASP_AppSec_DC_09]]

@@ Line 1: / Line 1: @@
 == The presentation  ==
-[[Image:Owasp_logo_normal.jpg|right]]SQL Injection is a vulnerability that is often missed by web application security scanners, and it's a vulnerability that is often rated as NOT exploitable by security testers when it actually can be exploited.
+[[Image:Joe_McCray.jpg|200px|thumb|right|Joe McCray]]SQL Injection is a vulnerability that is often missed by web application security scanners, and it's a vulnerability that is often rated as NOT exploitable by security testers when it actually can be exploited.
 Advanced SQL Injection is a presentation geared toward showing security professionals advanced exploitation techniques for situations when you must prove to the customer the extent of compromise that is possible.  This updated presentation will cover the following key concepts: IDS Evasion & Web Application Firewall Bypass, Privilege Escalation, Re-Enabling stored procedures, Obtaining an interactive command-shell, Data Exfiltration via DNS.

@@ Line 3: / Line 3: @@
 [[Image:Owasp_logo_normal.jpg|right]]SQL Injection is a vulnerability that is often missed by web application security scanners, and it's a vulnerability that is often rated as NOT exploitable by security testers when it actually can be exploited. Advanced SQL Injection is a presentation geared toward showing security professionals advanced exploitation techniques for situations when you must prove to the customer the extent of compromise that is possible. The key areas are: * IDS Evasion & Web Application Firewall Bypass * Privilege Escalation * Re-Enabling stored procedures * Obtaining an interactive command-shell * Data Exfiltration via DNS Note: This presentation now has updated material!!!!
-== The speakers  ==
+== The speaker  ==
 Joe McCray has 8 years of experience in the security industry with a diverse background that includes network and web application penetration testing, forensics, training, and regulatory compliance. Joe is a frequent presenter at security conferences, and has taught the CISSP, CEH, CHFI, Security+, and Web Application Security at Johns Hopkins University (JHU), University of Maryland Baltimore College (UMBC), and several other technical training centers across the country.
 [[Category:OWASP_AppSec_DC_09]] [[Category:OWASP_Conference_Presentations]]