Advanced SQL Injection - Defcon 17
According to OWASP top 10 vulnerabilities of 2010, SQL injection is the most dangerous and most common vulnerability around, A SQL Injection vulnerability occurs due to improper input validation or no input validation at all, what I mean by improper or no input validation is the user input is not filtered(for escape characters) before it gets passed to the SQL database, A Sql injection attack can be any many forms, but it's usually categorized into 3 types:
1. Inband
2. Out of band
3. Inferential
While browsing on the internet, I came across an excellent presentation on Advanced SQL Injection techniques by john Mccray, In this presentation john Mccray discusses some of advanced SQL Injection methods and topics such as IDS evasion, filter bypassing etc.
No comments: