SQL Injection 101

Presented at DerbyCon 2.0 Reunion (2012), Sept. 30, 2012, 2 p.m. (30 minutes)

This presentation will introduce SQL injection to the new web application hacker. It will walk you through web architectures and vulnerable code examples. You will learn how to set up a penetration testing lab with vulnerable applications, find SQL injection vulnerabilities, and hack them to bits. After you understand the problem, you’ll learn how to prevent them in the first place along with how to defend against SQL injection attacks.

Presenters:

• Jason Pubal
  Jason is the senior security engineer for a global non-profit. With a security team of 2 and a product portfolio of over 50 software applications, he has his hands full working with developers to design secure applications, conducting web application penetration tests, and performing incident response when it hits the fan.

Similar Presentations:

• DEF CON 20 (2012) / SQL ReInjector - Automated Exfiltrated Data Identification
• DEF CON 10 (2002) / SQL Injection
• DEF CON 20 (2012) / Rapid Blind SQL Injection Exploitation with BBQSQL