FileMaker Developers – SQL Injection is a real threat and you may want to learn more about this topic.
Learn all about SQL Injection from an expert. 40 Minute LIVE training session.
Posted on November 5, 2013
We are in for a real treat this Friday, November 8th!
For those with even the faintest interest in information security, make sure you get yourself enrolled in our free 40-minute demonstration by expert Sumit ‘Sid’ Siddharth titled: “Learn Advanced SQL Injection Techniques Against Oracle Databases”.
Attendees are going to learn the following:
- All about Oracle vulnerabilities.
- Privilege escalation attacks along with OS code execution.
- How to exploit SQL injection vulnerabilities in web applications that communicate with Oracle databases.
- How to become a Database Administrator (DBA) and achieve operating system code execution (aka xp_cmdshell) against a back-end Oracle database.
This really is a fantastic opportunity for two clear reasons: first, the audience is going to learn about the web’s most common persistent threat, SQL Injection; second, this important content is going to be delivered by a real hands-on and experienced professional.
About the instructor
Sumit ‘Sid’ Siddharth is the founder of NotSoSecure, a specialist information security firm that delivers high-end IT consultancy and training. Before starting NotSoSecure, Sid worked as the Head of Penetration Testing for a leading UK IT security company. Not only has Sid accumulated a decade of hands-on penetration testing experience, he has also authored a number of whitepapers and tools and has spoken at many security conferences, including numerous Black Hat, DEF CON, OWASP AppSec, HITB and more.
About SQL Injection
SQL injection remains the most common and infamous form of website and web application attack. The basic reasons why SQL Injection is still so prevalent are code that is not written correctly and the wide availability of hacking tools that can easily be deployed to discover weaknesses and vulnerabilities. In essence, SQL Injection is the ability to inject SQL commands into, for example, a login form, which in turn allows the attacker to gain access to the data held within the target database.
SQL injection flaws are considered easy prey owing to the fact that even inexperienced hackers (script kiddies) can do a great deal of harm to a web application or website.
Another reason why we are still combating SQL Injection is that SQL is virtually the only universal language that all databases speak. SQL is the lingua franca of the IT world when it comes to the storage, manipulation, and retrieval of data. For example, databases that use SQL include MS SQL Server, MySQL, Oracle, and FileMaker Pro, and these databases are all open to potential SQL injection attacks. Sid will be demonstrating attacks on Oracle databases, so needless to say, if your database has an Oracle flavor, make sure that you have enrolled in this training session. Even if you personally do not manage Oracle equipment, the knowledge that Sid will share will be very beneficial when seeking employment or when contracting, i.e. understanding Oracle vulnerabilities will put another feather in your cap!