Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Jan 15, 2011
Speaker: Joseph McCray Founder of Learn Security Online
SQL Injection is a vulnerability that is often missed by web application security scanners, and it's a vulnerability that is often rated as NOT exploitable by security testers when it actually can be exploited.
Advanced SQL Injection is a presentation geared toward showing security professionals advanced exploitation techniques for situations when you must prove to the customer the extent of compromise that is possible.
The key areas are:
•IDS Evasion, Web Application Firewall Bypass •Privilege Escalation •Re-Enabling stored procedures •Obtaining an interactive command-shell •Data Exfiltration via DNS