One-Way SQL Hacking: Futility Of Firewalls In Web Hacking

Presented at Blackhat Europe 2001 by

Topics covered will be:

- Overview of Web attacks
- One-way attacks
- SQL entry points
- Privilege escalation
- Installing a web-based SQL command prompt
- Back-end database enumeration tool

One Way SQL Web Hacking: SQL Web hacking is the next generation of hacking "kung fu." This talk expands on our previous web talks with new SQL techniques for taking apart an e-commerce site. Join us for an eye-opening demonstration on what can go wrong with poorly secured Web applications, how severe the risks are, and how to protect yourself and your company. We shall be covering vulnerabilities ranging from web server misconfigurations, improper URL parsing, application level vulnerabilities, Java application server hacking and some special advanced techniques.

JD provides customized NT network security and audit tools for Foundstone. He specializes in Windows NT system software development and COM/DCOM application development. His most recent achievement was the successful formation of NT OBJECTives, Inc., a software company exclusively centered on building NT security tools. Since its inception, over 100,000 of those security tools have been downloaded and put into practice. In addition, he has written several critical, unique intrusion audit papers on NT intrusion forensic issues. Currently, JD has been retained as a featured speaker/trainer for all the BlackHat Conferences on NT security issues.