Description: SQL Injection is a vulnerability that is often missed by web application security scanners, and it's a vulnerability that is often rated as NOT exploitable by security testers when it actually can be exploited.
"Advanced SQL Injection" is a presentation geared toward showing security professionals advanced exploitation techniques for situations when you must prove to the customer the extent of compromise that is possible.
The key areas are:
IDS/Web Application Firewall Evasion
Privilege Escalation
Re-Enabling stored procedures
Obtaining an interactive command-shell
Data Exfiltration via DNS
Joseph McCray is a leader when it comes to penetration testing. Joseph currently acts as Assessment Practice Manager at Rapid7 and is the founder of LearnSecurityOnline.com. At Rapid7, he manages and performs Blackbox & Whitebox, Wireless and VoIP Penetration Testing, as well as performing Social Engineering.
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.