SecurityTubeBeta
Watch ... Learn ... Contribute
securitytube home
securitytube videos
securitytube questions
securitytube news
securitytube tools
divider
upload video on SecurityTube
 
 
Video Categories:
Security Basics
Programming
Security Tools
Fun

Advanced SQL Injection (LayerOne 2009)
 
 

This is the video of the talk titled "Advanced SQL Injection" given at LayerOne 2009 by Joe McCray. The slides can be downloaded here.

Talk Description: SQL Injection is a vulnerability that is often missed by web application security scanners, and it’s a vulnerability that is often rated as NOT exploitable by security testers when it actually can be exploited.

Advanced SQL Injection is a presentation geared toward showing security professionals advanced exploitation techniques for situations when you must prove to the customer the extent of compromise that is possible.

The key areas are:

    * IDS Evasion
    * Privilege Escalation
    * Re-Enabling stored procedures
    * Obtaining an interactive command-shell
    * Data Exfiltration via DNS

Speaker Bio: Joe McCray has 8 years of experience in the security industry with a diverse background that includes network and web application penetration testing, forensics, training, and regulatory compliance. Joe is a frequent presenter at security conferences, and has taught the CISSP, CEH, CHFI, Security+, and Web Application Security at Johns Hopkins University (JHU), University of Maryland Baltimore College (UMBC), and several other technical training centers across the country.
 

 
Related Videos from: Security and Hacking Talks from LayerOne 2009
divider
Is XSS Solveable (LayerOne 2009)
You are Viewing this Video Now!
Hacking with GnuRadio (LayerOne 2009)
Deploying DNSSEC (LayerOne 2009)
Policy, the Biscuit Game of Infosec (LayerOne 2009)
1632 views
3483 views
4071 views
2159 views
1508 views

Author
Vivek-Ramachandran

Vivek Ramachandran is a security evangelist and has been working in computer security related fields for the past 7 years. In 2007, Vivek spoke at world renowned conferences Defcon (WEP Cloaking Exposed) and Toorcon (The Caffe Latte Attack). The discovery of the Caffe Latte Attack was covered by CBS5 news, BBC online, Network World etc news agencies.In 2006, Vivek was announced as one of winners of the Microsoft Security Shootout contest held in India among 65,000 participants. He has also been a recipient of a Team Achievement at Cisco Systems for his work on 802.1x and Port Security modules on the Catalyst 6500 switches. Currently he spends all of his time maintaining Security- Freak.Net , SecurityTube.Net and is the co-founder of Axonize. Vivek, is a Bachelor in Electronics and Communications Engineering from the prestigious Indian Institute of Technology, Guwahati.You can contact him at vivek[at]securitytube.net

 
©2007 Freak Labs