Difference between revisions of "The Art of Exploiting SQL Injections"
Mark.bristow (talk | contribs) |
Mark.bristow (talk | contribs) |
||
| Line 1: | Line 1: | ||
__NOTOC__ | __NOTOC__ | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
===Description=== | ===Description=== | ||
This is a full day hands on training course which will typically target penetration testers, security auditors/administrators and even web developers to learn advanced exploitation techniques. SQL Injection, although now nearly 15 years old, still exists in over 30% of the web applications. This vulnerability could typically result in 3 scenarios: | This is a full day hands on training course which will typically target penetration testers, security auditors/administrators and even web developers to learn advanced exploitation techniques. SQL Injection, although now nearly 15 years old, still exists in over 30% of the web applications. This vulnerability could typically result in 3 scenarios: | ||
| Line 16: | Line 8: | ||
To identify the true impact of this vulnerability it is essential that the vulnerability gets exploited to the full extent. While there is a reasonably good awareness when it comes to identify this problem, there are still a lot of grey areas when it comes to exploitation or even identifying complex vulnerabilities like a 2nd order injections. This training will target 3 databases (MS-SQL, Mysql, Oracle) and discuss a variety of exploitation techniques to exploit each scenario. The aim of the training course is to address the following: | To identify the true impact of this vulnerability it is essential that the vulnerability gets exploited to the full extent. While there is a reasonably good awareness when it comes to identify this problem, there are still a lot of grey areas when it comes to exploitation or even identifying complex vulnerabilities like a 2nd order injections. This training will target 3 databases (MS-SQL, Mysql, Oracle) and discuss a variety of exploitation techniques to exploit each scenario. The aim of the training course is to address the following: | ||
| + | |||
| + | # Identify the most complicated sql injections which are beyond the scope of any automated tool? | ||
| + | # Identify and Extract sensitive data from back-end database? | ||
| + | # Privilege Escalation within the database and extracting data with database admin privilege? | ||
| + | # OS code execution on these database server and use this as a pivot to attack internal network? | ||
| + | |||
| + | ===Requirements=== | ||
| + | Students will need to bring a laptop with VMWare | ||
| + | |||
| + | ===Objectives=== | ||
| + | Skill: Basic, Intermediate | ||
# Identify the most complicated sql injections which are beyond the scope of any automated tool? | # Identify the most complicated sql injections which are beyond the scope of any automated tool? | ||
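Review bot: The four-item list added directly after "The aim of the training course is to address the following:" is identical to the list that stays in place under the new ===Objectives=== heading, so this revision shows the same four points twice. Keep the list in one place, for example under Objectives only, and end the Description paragraph without the colon lead-in. The added items are also written as statements but end in question marks, and the new Requirements line says only "a laptop with VMWare" without telling students what the virtual machine is expected to run.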
| Line 25: | Line 28: | ||
'''Instructor: Sumit Siddharth''' Sumit "sid" Siddharth works as a Principal Security Consultant (Penetration Tester) for 7Safe Limited in the UK. He specializes in the application and database security and has more than 5 years of pentesting. Sid has authored a number of whitepapers and tools. He has been a speaker at many security conferences including Blackhat, Defcon, Troopers, OWASP Appsec, Sec-T etc. He also runs the popular IT security blog: www.notsosecure.com | '''Instructor: Sumit Siddharth''' Sumit "sid" Siddharth works as a Principal Security Consultant (Penetration Tester) for 7Safe Limited in the UK. He specializes in the application and database security and has more than 5 years of pentesting. Sid has authored a number of whitepapers and tools. He has been a speaker at many security conferences including Blackhat, Defcon, Troopers, OWASP Appsec, Sec-T etc. He also runs the popular IT security blog: www.notsosecure.com | ||
| − | + | ||
| − | |||
[[Category:AppSec_DC_2010_Training]] [[Category:Basic_Training]]] [[Category:Intermediate_Training]]] | [[Category:AppSec_DC_2010_Training]] [[Category:Basic_Training]]] [[Category:Intermediate_Training]]] | ||
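Review bot: The unchanged category line at the end of this hunk still carries a stray closing bracket after [[Category:Basic_Training]] and after [[Category:Intermediate_Training]], and the rendered revision ends with a literal "]]" after www.notsosecure.com. Since this edit already touches the lines just above it, drop the extra "]" from both category links in the same change.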
Revision as of 22:17, 16 September 2010
Description
This is a full-day, hands-on training course aimed at penetration testers, security auditors/administrators and even web developers who want to learn advanced exploitation techniques. SQL injection, although now nearly 15 years old, still exists in over 30% of web applications. This vulnerability can typically result in 3 scenarios:
- Authentication Bypass
- Extraction of arbitrary sensitive data from the database
- Access and compromise of the internal network.
To identify the true impact of this vulnerability, it is essential that it is exploited to the full extent. While there is reasonably good awareness when it comes to identifying this problem, there are still a lot of grey areas when it comes to exploitation, or even to identifying complex vulnerabilities such as 2nd order injections. This training will target 3 databases (MS-SQL, MySQL, Oracle) and discuss a variety of techniques for exploiting each scenario. The aim of the training course is to address the following:
- Identify the most complicated SQL injections, which are beyond the scope of any automated tool
- Identify and extract sensitive data from the back-end database
- Privilege escalation within the database and extracting data with database admin privilege
- OS code execution on these database servers, and use of this as a pivot to attack the internal network
Requirements
Students will need to bring a laptop with VMware.
Objectives
Skill: Basic, Intermediate
- Identify the most complicated SQL injections, which are beyond the scope of any automated tool
- Identify and extract sensitive data from the back-end database
- Privilege escalation within the database and extracting data with database admin privilege
- OS code execution on these database servers, and use of this as a pivot to attack the internal network
Instructor
Instructor: Sumit Siddharth. Sumit "sid" Siddharth works as a Principal Security Consultant (Penetration Tester) for 7Safe Limited in the UK. He specializes in application and database security and has more than 5 years of pentesting experience. Sid has authored a number of whitepapers and tools. He has been a speaker at many security conferences, including Blackhat, Defcon, Troopers, OWASP Appsec and Sec-T. He also runs the popular IT security blog www.notsosecure.com