This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Advanced SQL Injection

From OWASP
Revision as of 20:25, 3 August 2009 by Jeremy.long (talk | contribs)

Jump to: navigation, search

The presentation

Owasp logo normal.jpg
SQL Injection is a vulnerability that is often missed by web application security scanners, and it's a vulnerability that is often rated as NOT exploitable by security testers when it actually can be exploited. Advanced SQL Injection is a presentation geared toward showing security professionals advanced exploitation techniques for situations when you must prove to the customer the extent of compromise that is possible. The key areas are: * IDS Evasion & Web Application Firewall Bypass * Privilege Escalation * Re-Enabling stored procedures * Obtaining an interactive command-shell * Data Exfiltration via DNS Note: This presentation now has updated material!!!!

The speaker

Joe McCray has 8 years of experience in the security industry with a diverse background that includes network and web application penetration testing, forensics, training, and regulatory compliance. Joe is a frequent presenter at security conferences, and has taught the CISSP, CEH, CHFI, Security+, and Web Application Security at Johns Hopkins University (JHU), University of Maryland Baltimore College (UMBC), and several other technical training centers across the country.