Digital Security Forum 2009

I have been invited to speak at the 2nd Digital Security Forum in a couple of weeks' time.

I will present an updated version of my slides, "SQL injection: Not Only AND 1=1". The abstract is once again as follows:

The presentation has a quick preamble on the definition of SQL injection, sqlmap and its key features.

I will then illustrate in detail, with examples, common and uncommon problems and their respective solutions that a penetration tester faces when he wants to take advantage of any kind of SQL injection flaw in real-world web applications, for instance SQL injection in ORDER BY and LIMIT clauses, single entry UNION query SQL injection, IDS bypasses for specific web application technologies, and more.

The conference will take place on June 26-27, 2009 at Hotel Olissippo Oriente in Lisbon (Portugal).
If you are around, it's an occasion to catch up and share ideas on application security. See you there!
