') UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Techniques')%00

Presented at Black Hat USA 2013, Aug. 1, 2013, 2:15 p.m. (60 minutes)

This talk will present some of the newest and most advanced optimization and obfuscation techniques available in the field of SQL Injections. These techniques can be used to bypass web application firewalls and intrusion detection systems at an alarming speed. This talk will also demonstrate these techniques on both open-source and commercial firewalls and present the ALPHA version of a framework called Leapfrog, which Roberto is developing. Leapfrog is designed to assist security professionals, IT administrators, firewall vendors and companies in testing their firewall rules and implementation to determine whether they are an adequate defense against a real cyber-attack.

Many of the techniques that will be presented were created by Roberto Salgado and are currently some of the fastest methods of extracting information from a database through SQL Injections. Roberto will demonstrate how to reduce the time it takes to exploit a SQL Injection by over a third of the time it would normally take. He will also demonstrate why firewalls and intrusion detection systems are not the ultimate solution to security and why other measures should also be implemented.


Presenters:

  • Roberto Salgado - Websec
    As an Information Security specialist, Roberto Salgado has always been passionate about his line of work and has had several years of experience researching and experimenting in this field. His continuing commitment to exploring the cutting edge of today's security challenges, and finding solutions to these security challenges, has served to fuel his passion and dedication to his work. As a result, Roberto has had the opportunity to participate in and contribute to well-known projects, such as ModSecurity, PHPIDS, SQLMap and the "Web Application Obfuscation" book. Roberto also created and maintains the SQL Injection Knowledge Base, which is an invaluable resource for penetration testers when dealing with SQL injections. In his free time, he enjoys creating SQL Injection challenges for both the security community and himself to learn from. Additionally, Roberto enjoys programming in Python and has created projects such as Panoptic, a penetration testing tool that automates the search and retrieval of common log and config files through LFI vulnerabilities. Roberto was born in Harlingen, Texas in 1986, but raised on the island of Cozumel, Mexico by a Canadian mother and Mexican father. As a result, Roberto is bilingual and holds multiple citizenships. At age 17, Roberto moved to Vancouver Island and continues to reside there. In 2010, he co-founded Websec with 2 lifelong friends who share his passion for Information Security, and together they built it into what it is today. Websec is currently based in Canada and Mexico; however, it serves an international client base.
