SanDiego

Local News

OWASP San Diego – A Big Dose of SQL Injection The Open Web Application Security Project (OWASP) Chapter in San Diego is convening to take a deep-dive on SQL Injection. Attacking and defending will be covered to allow individuals to test their own applications as well as secure them. Marcus has been working in the field close to eight years, has competed in many Capture The Flag (CTF) contests, and has discovered and disclosed numerous zero-day vulnerabilities. Come network with some of the best security auditors, researchers, and developers in the San Diego area. Intuit is graciously hosting this event at their San Diego office and we look forward to seeing you there! Below is an overview of the agenda.

 General SQL Injection Overview Triggering SQL Injection Error Based SQL Injection (MSSQL, MySQL, Oracle, Postgres) Union Based SQL Injection Blind SQL Injection Out Of Band SQL Injection OS SQL Injection (Getting Shells Out of the OS), (MSSQL, Oracle, MySQL) SQL Injection Tools</li> Custom automation of SQL Injection</li> Difficulties injecting into INSERT, UPDATE and DELETE statements</li> Second Order SQL Injection</li> Defeating IDS, IPS and WAFs</li> SQL Injection on unfamiliar databases (SQLite)</li> SQL Injection Defense </li> </ul>

Date September 11th 2013

Time 6:00pm - 8:00pm

Location Intuit (Building 3, Cook Room) 7535 Torrey Santa Fe Rd. San Diego, CA 92129 Please RSVP [mailto:rsvp@owasp-sd.org rsvp@owasp-sd.org] 619-519-2405

OWASP San Diego Board [mailto:jeromie@owasp-sd.org Jeromie Jackson] - President [mailto:jeff@owasp-sd.org Jeff Sutton] - Vice President [mailto:tom@owasp-sd.org Tom Spencer] - Technical Director [mailto:stephan@owasp-sd.org Stephan Chenette] - Research Director