
PHOTOS / VIDEOS

Official conference photos and HD videos will be made available in the next 2-3 weeks. Please follow @hitbsecconf on Twitter for links or join our Facebook Group.

SPECIAL-OPS 2 – THE ART OF EXPLOITING SQL INJECTION FLAWS

TRAINER: Sumit Siddharth (Head of Penetration Testing, 7Safe Limited)

CAPACITY: 20 pax

SEATS LEFT: REGISTRATION CLOSED

DURATION: 1 day (21st May 2012)

COST (per pax): EUR699 (early bird) / EUR799 (non early-bird)

 

OVERVIEW

This is a full-day, hands-on training course aimed at penetration testers, security auditors/administrators and web developers who want to learn advanced exploitation techniques. SQL Injection, although now nearly 15 years old, still exists in over 30% of web applications. This vulnerability could typically result in 3 scenarios:

1. Authentication Bypass
2. Extraction of arbitrary sensitive data from the database
3. Access and compromise of the internal network.

This training will target 3 databases:

  • MS-SQL
  • MySQL
  • Oracle

and discuss a variety of exploitation techniques to exploit each scenario. The aim of the training course is to address the following:

  1. Understand the problem of SQL Injection.
  2. Learn a variety of advanced exploitation techniques which hackers use.
  3. Learn how to fix the problem.

Identify, extract, escalate, execute; we have got it all covered.

WHO SHOULD ATTEND?

Penetration Testers, Web Developers, Security Auditors/Administrators/Managers, anyone else who wants to take their skills to the next level.

HARDWARE / SOFTWARE REQUIREMENTS

Students must bring their own laptop with the Windows operating system installed (either running natively or in a VM). Students must have admin access on the Windows platform.

ABOUT THE TRAINER

Sumit Siddharth

Sumit “sid” Siddharth works as Head of Penetration Testing for 7Safe Limited in the UK. He has been a speaker/trainer at many security conferences including Blackhat, Defcon, Troopers, OWASP Appsec, Sec-T, IT-Underground etc. He has contributed a number of whitepapers, security tools, exploits and advisories to the industry. Sid is one of the contributing authors of the book SQL Injection: Attacks and Defense (2nd edition). He also runs the popular IT security blog www.notsosecure.com.

 

Okura Hotel Amsterdam
Ferdinand Bolstraat 333, 1072 LH Amsterdam,
The Netherlands

1-Day Intensive Training Sessions – 21st of May / 0900 – 1800

 

SPECIAL OPS 1  - WIRELESS SECURITY KUNGF00

SPECIAL OPS 2  – THE ART OF EXPLOITING SQL INJECTION FLAWS

SPECIAL OPS 3 – MOBILE APPLICATION HACKING – ATTACK & DEFENSE



2-Day Hands on Training Sessions – 22nd – 23rd of May / 0900 – 1800

TECH TRAINING 1  – HUNTING WEB ATTACKERS

TECH TRAINING 2  – ADVANCED LINUX EXPLOITATION METHODS

TECH TRAINING 3  - ADVANCED APPLICATION HACKING – ATTACKS, EXPLOITS & DEFENSE

 

 



3-Day Hands on Training Sessions – 21st, 22nd & 23rd of May / 0900 – 1800

TECH TRAINING 4  – THE EXPLOIT LABORATORY: ADVANCED EDITION




QUAD TRACK CONFERENCE – 24th & 25th of May / 0900 – 1800

Featuring keynotes by BRUCE SCHNEIER and ANDY ELLIS




Copyright © 2012 Hack In The Box | http://www.hackinthebox.org
