On Tuesday, February 20th 2018, our penetration testing team leader and SANS ISC handler Bojan Ždrnja will live stream a webcast on exploiting esoteric SQL injection vulnerabilities. If you are a red team member focused on web applications, or a blue team defender who wishes to see how these attacks work, we invite you to join us.
In spite of being at #1 in the OWASP Top 10 "list of vulnerabilities" since 2010 and posing an extreme risk, SQL injection is still the most common vulnerability identified in web applications, no matter which language or framework is used. We cover many examples on day 3 of the SEC542: Web App Penetration Testing and Ethical Hacking course.
In this webcast we will explain the basics behind SQL injection vulnerabilities and will then look at a few special examples where exploits were discovered on systems thought to be protected or impossible to exploit.
We will demonstrate how we can extract information from the backend databases, one byte of data at a time, by cleverly stimulating vulnerable web applications.
You can attend the webcast using your mobile device!