The Art of Exploiting SQL Injections

Description
Course Length: 1 Day

This is a full day hands on training course which will typically target penetration testers, security auditors/administrators and even web developers  to learn advanced exploitation techniques. SQL Injection, although now nearly 15 years old, still exists in over 30% of the web applications. This vulnerability could typically result in 3 scenarios:


 * 1) Authentication Bypass
 * 2) Extraction of arbitrary sensitive data from the database
 * 3) Access and compromise of the internal network.

To identify the true impact of this vulnerability it is essential that the vulnerability gets exploited to the full extent. While there is a reasonably good awareness when it comes to identify this problem, there are still a lot of grey areas when it comes to exploitation or even identifying complex vulnerabilities like a 2nd order injections. This training will target 3 databases (MS-SQL, Mysql, Oracle) and discuss a variety of exploitation techniques to exploit each scenario. The aim of the training course is to address the following:


 * 1) Identify the most complicated sql injections which are beyond the scope of any automated tool?
 * 2) Identify and Extract sensitive data from back-end database?
 * 3) Privilege Escalation  within the database and extracting data with database admin privilege?
 * 4) OS code execution on these database server and use this as a pivot to attack internal network?

Student Requirements
Students will need to bring a laptop with VMWare

Objectives
Skill: Basic, Intermediate


 * 1) Understand the problem of SQL Injection
 * 2) Learn a variety of advanced exploitation techniques which hackers use.
 * 3) How to fix the problem?

Instructor
Instructor: Sumit Siddharth Sumit "sid" Siddharth works as a Principal Security Consultant (Penetration Tester) for 7Safe Limited in the UK. He specializes in the application and database security and has more than 5 years of pentesting. Sid has authored a number of whitepapers and tools. He has been a speaker at many security conferences including Blackhat, Defcon, Troopers, OWASP Appsec, Sec-T etc. He also runs the popular IT security blog: www.notsosecure.com

] ]