|
|
|
|
|
| Posted By: |
SecurityTube_Bot
|
| Posted On: |
Mon 21 Feb 2011 |
| Views: |
5259 |
| Support SecurityTube:
|
|
|
Description: SQL Injection is a vulnerability that is often missed by web application security scanners, and it's a vulnerability that is often rated as NOT exploit
able by security testers when it actually can be exploited.
"Advanced SQL Injection" is a presentation geared toward showing security professionals advanced exploitation techniques for situations when you must prove to the customer the extent of compromise that is possible.
The key areas are:
IDS/Web Application Firewall Evasion
Privilege Escalation
Re-Enabling stored procedures
Obtaining an interactive command-shell
Data Exfiltration via DNS
Joseph McCray is a leader when it comes to penetration testing. Joseph currently acts as Assessment Practice Manager at Rapid7 and is the founder of LearnSecurityOnline.com. At Rapid7, he manages and performs Blackbox & Whitebox, Wireless and VoIP Penetration Testing,as well as performing Social Engineering.
