This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Advanced SQL Injection

From OWASP
Revision as of 20:04, 3 August 2009 by Jeremy.long (talk | contribs) (Created page with '== The presentation == rightSQL Injection is a vulnerability that is often missed by web application security scanners, and it's a vulnerability…')

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

The presentation

Owasp logo normal.jpg
SQL Injection is a vulnerability that is often missed by web application security scanners, and it's a vulnerability that is often rated as NOT exploitable by security testers when it actually can be exploited. Advanced SQL Injection is a presentation geared toward showing security professionals advanced exploitation techniques for situations when you must prove to the customer the extent of compromise that is possible. The key areas are: * IDS Evasion & Web Application Firewall Bypass * Privilege Escalation * Re-Enabling stored procedures * Obtaining an interactive command-shell * Data Exfiltration via DNS Note: This presentation now has updated material!!!!

The speakers

Joe McCray has 8 years of experience in the security industry with a diverse background that includes network and web application penetration testing, forensics, training, and regulatory compliance. Joe is a frequent presenter at security conferences, and has taught the CISSP, CEH, CHFI, Security+, and Web Application Security at Johns Hopkins University (JHU), University of Maryland Baltimore College (UMBC), and several other technical training centers across the country.

Retrieved from "https://wiki.owasp.org/index.php?title=Advanced_SQL_Injection&oldid=67088"