Abstract

This will be a completely hands-on session on detecting and exploiting SQL Injection issues. At the end of this session, the participant will be able to manually identify SQL Injection vulnerabilities in web applications and use the vulnerability to perform the following:
-- Extract data from backend databases
-- Execute system level commands on the server

The following types of SQL Injection will be covered:
-- Basic SQL Injection (Using database schema to extract specific information)
-- Error Based SQL Injection (Using DB errors presented to the user via the application)
-- Time Based SQL Injection (Using induced delays to check for true / false conditions)
-- Second Order SQL Injection (Triggered via resident data)
-- Server compromise using SQL Injection (MSSQL and MySQL)

Speaker

Riyaz Walikar

I like photography, stargazing, collecting stamps and fishing.

Timing

Starts on Saturday March 11 2017, 09:30 AM. The session runs for about 9 hours.

Resources