One-Way SQL Hacking: Futility Of Firewalls In Web Hacking presented at Blackhat Europe 2001

by Saumil Udayan Shah, JD Glaser

Tags: Security Web SQL

Summary: Topics covered will be:
Overview of Web attacks
One-way attacks
SQL Entry points
Privilege escalation
Installing a web-based SQL command prompt
Back-end Database Enumeration tool
One Way SQL Web Hacking: SQL Web hacking is the next generation of hacking "kung fu." This talk expands on our previous web talks with new SQL techniques for taking apart an e-commerce site. Join us for an eye-opening demonstration on what can go wrong with poorly secured Web applications, how severe the risks are, and how to protect yourself and your company.
We shall be covering vulnerabilities ranging from web server misconfigurations, improper URL parsing, application level vulnerabilities, Java application server hacking and some special advanced techniques.
JD provides customized NT network security and audit tools for Foundstone. He specializes in Windows NT system software development and COM/DCOM application development. His most recent achievement was the successful formation of NT OBJECTives, Inc., a software company exclusively centered on building NT security tools. Since its inception, over 100,000 of those security tools have been downloaded and put into practice. In addition, he has written several critical, unique intrusion audit papers on NT intrusion forensic issues. Currently, JD has been retained as a featured speaker/trainer for all the BlackHat Conferences on NT security issues.