Advanced SQL Injection

The presentation
SQL Injection is a vulnerability that is often missed by web application security scanners, and it's a vulnerability that is often rated as NOT exploitable by security testers when it actually can be exploited. Advanced SQL Injection is a presentation geared toward showing security professionals advanced exploitation techniques for situations when you must prove to the customer the extent of compromise that is possible. The key areas are: * IDS Evasion & Web Application Firewall Bypass * Privilege Escalation * Re-Enabling stored procedures * Obtaining an interactive command-shell * Data Exfiltration via DNS Note: This presentation now has updated material!!!!

The speakers
Joe McCray has 8 years of experience in the security industry with a diverse background that includes network and web application penetration testing, forensics, training, and regulatory compliance. Joe is a frequent presenter at security conferences, and has taught the CISSP, CEH, CHFI, Security+, and Web Application Security at Johns Hopkins University (JHU), University of Maryland Baltimore College (UMBC), and several other technical training centers across the country.