
Difference between revisions of "Advanced SQL Injection"

(Created page with '== The presentation == rightSQL Injection is a vulnerability that is often missed by web application security scanners, and it's a vulnerability…')
 
Line 3: Line 3:
 
[[Image:Owasp_logo_normal.jpg|right]]SQL Injection is a vulnerability that is often missed by web application security scanners, and it's a vulnerability that is often rated as NOT exploitable by security testers when it actually can be exploited. Advanced SQL Injection is a presentation geared toward showing security professionals advanced exploitation techniques for situations when you must prove to the customer the extent of compromise that is possible. The key areas are: * IDS Evasion & Web Application Firewall Bypass * Privilege Escalation * Re-Enabling stored procedures * Obtaining an interactive command-shell * Data Exfiltration via DNS Note: This presentation now has updated material!!!!
 
[[Image:Owasp_logo_normal.jpg|right]]SQL Injection is a vulnerability that is often missed by web application security scanners, and it's a vulnerability that is often rated as NOT exploitable by security testers when it actually can be exploited. Advanced SQL Injection is a presentation geared toward showing security professionals advanced exploitation techniques for situations when you must prove to the customer the extent of compromise that is possible. The key areas are: * IDS Evasion & Web Application Firewall Bypass * Privilege Escalation * Re-Enabling stored procedures * Obtaining an interactive command-shell * Data Exfiltration via DNS Note: This presentation now has updated material!!!!
  
== The speakers ==
+
== The speaker ==
  
 
Joe McCray has 8 years of experience in the security industry with a diverse background that includes network and web application penetration testing, forensics, training, and regulatory compliance. Joe is a frequent presenter at security conferences, and has taught the CISSP, CEH, CHFI, Security+, and Web Application Security at Johns Hopkins University (JHU), University of Maryland Baltimore College (UMBC), and several other technical training centers across the country.
 
Joe McCray has 8 years of experience in the security industry with a diverse background that includes network and web application penetration testing, forensics, training, and regulatory compliance. Joe is a frequent presenter at security conferences, and has taught the CISSP, CEH, CHFI, Security+, and Web Application Security at Johns Hopkins University (JHU), University of Maryland Baltimore College (UMBC), and several other technical training centers across the country.
  
 
[[Category:OWASP_AppSec_DC_09]] [[Category:OWASP_Conference_Presentations]]
 
[[Category:OWASP_AppSec_DC_09]] [[Category:OWASP_Conference_Presentations]]
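Review bot: In the unchanged presentation paragraph next to this heading fix, the key areas are written inline as "* IDS Evasion & Web Application Firewall Bypass * Privilege Escalation * ..." on a single line. MediaWiki only treats "*" as a list marker at the start of a line, so these will not render as a bulleted list. Suggest putting each of the five items on its own line beginning with "*", and moving "Note: This presentation now has updated material!!!!" to a separate paragraph after the list.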

Revision as of 20:25, 3 August 2009

The presentation

SQL Injection is a vulnerability that is often missed by web application security scanners, and it's a vulnerability that is often rated as NOT exploitable by security testers when it actually can be exploited. Advanced SQL Injection is a presentation geared toward showing security professionals advanced exploitation techniques for situations when you must prove to the customer the extent of compromise that is possible. The key areas are:

* IDS Evasion & Web Application Firewall Bypass
* Privilege Escalation
* Re-Enabling stored procedures
* Obtaining an interactive command-shell
* Data Exfiltration via DNS

Note: This presentation now has updated material!!!!

The speaker

Joe McCray has 8 years of experience in the security industry with a diverse background that includes network and web application penetration testing, forensics, training, and regulatory compliance. Joe is a frequent presenter at security conferences, and has taught the CISSP, CEH, CHFI, Security+, and Web Application Security at Johns Hopkins University (JHU), University of Maryland Baltimore College (UMBC), and several other technical training centers across the country.