Understanding and Exploiting SQL Injection flaws in Web Apps null Bangalore Humla 11 March 2017 Understanding and Exploiting SQL Injection flaws in Web Apps
Abstract
This will be a completely hands on session on detecting and exploiting SQL Injection issues. At the end of this session, the participant will be able manually identify SQL Injection vulnerabilities in web applications and use the vulnerability to perform the following:
-- Extract data from backend databases
-- Execute system level commands on the serverThe following types of SQL Injection will be covered:
-- Basic SQL Injection(Using database schema to extract specific information)
-- Error Based SQL Injection (Using DB errors presented to the user via the application)
-- Time Based SQL Injection (Using induced delays to check for true / false conditions)
-- Second Order SQL Injection (Triggered via resident data)
-- Server compromise using SQL Injection (MSSQL and MySQL).
Speaker
I like photography, stargazing, collecting stamps and fishing.
Timing
Starts at Saturday March 11 2017, 09:30 AM. The sessions runs for about 9 hours.