Monday, February 23, 2009

Front Range OWASP Conference 2009

I am flying to Denver in Colorado (USA) in a couple of weeks to give a talk at the upcoming Front Range OWASP Conference 2009 on March 5, 2009 and meet other people in the IT security industry.

The title of the talk is "SQL injection: Not only AND 1=1" and its abstract is:

The presentation has a quick preamble on SQL injection definition, sqlmap and its key features.

I will then illustrate in detail common and uncommon problems, and their respective solutions with examples, that a penetration tester faces when he wants to take advantage of any kind of web application SQL injection flaw on real-world web applications, for instance SQL injection in ORDER BY and LIMIT clauses, single entry UNION query SQL injection, blind SQL injection algorithm speed enhancements, specific web application technologies IDS bypasses and more.

If you are around, it's an occasion to catch up and share ideas on application security. See you there!

UPDATE - March 24, 2009: The video is online on Google Video.
