Advanced SQL Injection Exploitation (1-day)

Presented at AppSec USA 2017, Sept. 20, 2017, 9 a.m. (480 minutes)

SQL Injection (SQLi) vulnerabilities are the most common injection flaws found in web applications today, ranking number one in the OWASP Top 10 most critical web application security risks. When an attacker is able to find and exploit such a vulnerability, the end result is often disastrous: a complete database download, an application backdoor, or even remote code execution. Suffice it to say that penetration testers need to find these vulnerabilities before the bad guys do.

But vulnerability scanners and automated exploitation tools like sqlmap can only do so much when it comes to finding and exploiting SQLi vulnerabilities. While they do a good job for regular or error-based SQLi vulnerabilities, their success rate drops drastically when blind SQLi is encountered, especially when time-based attacks are required. And if you need to be quiet on the network, most tools are just insanely noisy…

This course is designed to help penetration testers who have been using these tools to get to the next level, where finding and exploiting SQLi is no longer easy. When only a browser and notepad are available to you or when being quiet is critical, you will be glad you know this stuff.

1) SQL crash course for hackers

2) Error-based SQL Injection
   - Bypassing login (demo)
   - UNION exploitation techniques (exercise)

3) Blind SQL Injection
   - Splitting and Balancing
   - Boolean exploitation techniques (exercise)
   - Time-based exploitation techniques (exercise)

4) Using tools
   - Exploiting error-based and blind SQLi using sqlmap (exercise)

Presenters:

  • David Caissy - Penetration Tester - TRM Technologies Inc.
    David Caissy is a web application penetration tester with an in-depth developer and IT security background spanning over 17 years. He has extensive experience in conducting vulnerability assessments and penetration tests as well as providing training globally, amongst numerous other teaching engagements. He has worked for the Bank of Canada, the Department of National Defense, various government agencies and private companies. David has been teaching web application security at colleges and conferences and for many government agencies over the last decade.
