Title: Automated SQL Ownage Techniques
Presenter: Fernando Federico Russ, CoreLabs Researcher
Date and Time: March 24, 2010 at 3:30pm
Location: Sheraton Wall Centre, Vancouver, BC, Canada
Link to event: http://cansecwest.com/agenda.html
Overview:
This talk is about web application security assessment. In particular, we set out to improve the assessment process for SQL injection vulnerabilities by providing the means to discard exogenous "false positive" alarms and to confirm exploitable vulnerabilities.
We propose a black-box technique to detect and exploit SQL injection vulnerabilities. The exploitation provides an interface to execute arbitrary SQL code through them. Therefore, we are able to thoroughly assess the impact of the vulnerability (e.g., understand what a hacker can do).
The core of this talk is an examination of the difficulties that arise while trying to expose such vulnerabilities and carry out a black-box interaction that automatically constructs an exploit.