The Art of Exploiting SQL Injections

From OWASP

Registration | Hotel | Walter E. Washington Convention Center

Description

Course Length: 1 Day

This is a full-day, hands-on training course aimed at penetration testers, security auditors/administrators and web developers who want to learn advanced exploitation techniques. SQL Injection, although now nearly 15 years old, still exists in over 30% of web applications. This vulnerability could typically result in 3 scenarios:

  1. Authentication Bypass
  2. Extraction of arbitrary sensitive data from the database
  3. Access and compromise of the internal network.

To identify the true impact of this vulnerability, it is essential that the vulnerability is exploited to its full extent. While there is reasonably good awareness when it comes to identifying this problem, there are still a lot of grey areas when it comes to exploitation, or even to identifying complex vulnerabilities such as second-order injections. This training will target 3 databases (MS-SQL, MySQL, Oracle) and discuss a variety of exploitation techniques for each scenario. The aim of the training course is to address the following:

  1. Identifying the most complicated SQL injections, which are beyond the scope of any automated tool.
  2. Identifying and extracting sensitive data from the back-end database.
  3. Privilege escalation within the database and extracting data with database admin privileges.
  4. OS code execution on these database servers, and using this as a pivot to attack the internal network.

Student Requirements

Students will need to bring a laptop with VMware.

Objectives

Skill: Basic, Intermediate

  1. Understand the problem of SQL Injection.
  2. Learn a variety of advanced exploitation techniques which hackers use.
  3. Learn how to fix the problem.


Instructor

Instructor: Sumit Siddharth

Sumit "sid" Siddharth works as a Principal Security Consultant (Penetration Tester) for 7Safe Limited in the UK. He specializes in application and database security and has more than 5 years of pentesting experience. Sid has authored a number of whitepapers and tools. He has been a speaker at many security conferences including Blackhat, Defcon, Troopers, OWASP Appsec, Sec-T etc. He also runs the popular IT security blog www.notsosecure.com.