This year at Black Hat Las vegas, I will be hosting a 1 day training course on the most popular web app hacking technique 'SQL Injection'.
video preview: http://www.youtube.com/watch?v=6pg-lRv8XTQ
Here is the abstract of the course:
"This is a full day hands on training course which will typically target penetration testers, security auditors/administrators and web developers to learn advanced exploitation techniques. SQL Injection, although now nearly 15 years old, still exists in over 30% of the web applications. This vulnerability could typically result in 3 scenarios:
Extraction of arbitrary sensitive data from the database
Access and compromise of the internal network.
This training will target 3 databases:
and discuss a variety of exploitation techniques to exploit each scenario. The aim of the training course is to address the following:
Understand the problem of SQL Injection
Learn a variety of advanced exploitation techniques which hackers use
Learn how to fix the problem
Identify, extract, escalate, execute; we have got it all covered.
More details can be found here:https://www.blackhat.com/html/bh-us-12/training/courses/bh-us-12-training_exploiting-sql-injection.html
There are a few seats still left and the course will sell-out very soon. If you require more details feel free to contact me at sid-at-notsosecure-dot-com