The Art of Exploiting SQL Injection: 1 day hands on training

Discuss the many weaknesses of browser security and ways to mitigate the threat

The Art of Exploiting SQL Injection: 1 day hands on training

Post by sumsid_5 on Fri May 11, 2012 6:17 am
([msg=66271]see The Art of Exploiting SQL Injection: 1 day hands on training[/msg])

Hello All,

This year at Black Hat Las vegas, I will be hosting a 1 day training course on the most popular web app hacking technique 'SQL Injection'.

video preview: http://www.youtube.com/watch?v=6pg-lRv8XTQ
Here is the abstract of the course:

"This is a full day hands on training course which will typically target penetration testers, security auditors/administrators and web developers to learn advanced exploitation techniques. SQL Injection, although now nearly 15 years old, still exists in over 30% of the web applications. This vulnerability could typically result in 3 scenarios:

Authentication Bypass
Extraction of arbitrary sensitive data from the database
Access and compromise of the internal network.
This training will target 3 databases:

MS-SQL
MySQL
Oracle

and discuss a variety of exploitation techniques to exploit each scenario. The aim of the training course is to address the following:

Understand the problem of SQL Injection
Learn a variety of advanced exploitation techniques which hackers use
Learn how to fix the problem
Identify, extract, escalate, execute; we have got it all covered.

More details can be found here:
https://www.blackhat.com/html/bh-us-12/training/courses/bh-us-12-training_exploiting-sql-injection.html

There are a few seats still left and the course will sell-out very soon. If you require more details feel free to contact me at sid-at-notsosecure-dot-com

Thanks
Sid
sumsid_5
New User
New User
 
Posts: 2
Joined: Fri May 11, 2012 6:12 am
Blog: View Blog (0)


Re: The Art of Exploiting SQL Injection: 1 day hands on training

Post by limdis on Mon May 14, 2012 9:31 pm
([msg=66319]see Re: The Art of Exploiting SQL Injection: 1 day hands on training[/msg])

Thanks Sid for the heads up.
Everyone should go to something like this at least once. Lot of good material gets covered at these conferences. Looks good to employers too if you are trying to get into the security field.
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
User avatar
limdis
Moderator
Moderator
 
Posts: 1435
Joined: Mon Jun 28, 2010 5:45 pm
Blog: View Blog (0)


Re: The Art of Exploiting SQL Injection: 1 day hands on training

Post by sumsid_5 on Sun Jun 03, 2012 3:50 am
([msg=66783]see Re: The Art of Exploiting SQL Injection: 1 day hands on training[/msg])

A few seats still left in the course. The course has been completely re-written and contains only relevant/advanced instances/examples.

Such as SQLI in orderby, group by etc
SQL in stored procedures
double encoding
Injection in cookies, headers
OS code exec by UDF Injection
and loads more..

See you there!
https://www.blackhat.com/html/bh-us-12/ ... ction.html

Thanks
Sid
www.notsosecure.com
sumsid_5
New User
New User
 
Posts: 2
Joined: Fri May 11, 2012 6:12 am
Blog: View Blog (0)



Return to Web

Who is online

Users browsing this forum: No registered users and 0 guests