Difference between revisions of "SnowFROC Abstract Damele"

From OWASP
Latest revision as of 11:55, 13 February 2009

The Presentation: "SQL injection: Not only AND 1=1"

The presentation has a quick preamble on the definition of SQL injection, sqlmap and its key features.

Damele will then illustrate in detail, with examples, the common and uncommon problems (and their respective solutions) that a penetration tester or a SQL injection tool developer faces when he wants to take advantage of any kind of web application SQL injection flaw in real-world web applications: for instance, SQL injection in ORDER BY and LIMIT clauses, single-entry UNION query SQL injection, blind SQL injection algorithm speed enhancements, IDS bypasses for specific web application technologies, and more.

The Speaker: Bernardo Damele Assumpcao Guimaraes

Bernardo is an IT security engineer based in London (United Kingdom), currently employed as a penetration tester and security researcher for a renowned security company. Bernardo spent most of his research time on web application and database management systems security. He is currently the lead developer of sqlmap, a MySQL UDF repository developer and a Metasploit contributor.

