SQL Injection is a vulnerability that is often missed by web application security scanners, and it's a vulnerability that is often rated as NOT exploitable by security testers when it actually can be exploited. Advanced SQL Injection is a presentation geared toward showing security professionals advanced exploitation techniques for situations when you must prove to the customer the extent of compromise that is possible. The key areas are: * IDS Evasion * Privilege Escalation * Re‐Enabling stored procedures * Obtaining an interactive command‐shell * Data Exfiltration via DNS