SQL Injection Training at BlackHat 2013! More info…

Henry Dalziel | Hacker Hotshots, Information Security Conferences, Latest InfoSec News | November 13, 2013

As many of you know, we had a free 40 minute SQL Injection demonstration with Sumit ‘Sid’ Siddharth titled: “Learn Advanced SQL Injection Techniques Against Oracle Databases.”

Students walked away with the following skills:

  • An understanding of the world of Oracle vulnerabilities, i.e. privilege escalation attacks and OS Code execution.
  • An understanding of how to exploit SQL injection vulnerabilities in a web application that talks to Oracle databases.
  • An understanding of how to become Database Administrator (DBA) and achieve operating system code execution (aka xp_cmdshell) against a back-end Oracle database.

[You can watch the demo here – video: 40 mins long]

Sid will be teaching the full two day course, called: “The Art of Exploiting Injection Flaws” at BlackHat 2013 December 9-10.

As a special promotion, NotSoSecure, the instructor's organization, is giving away complimentary one-month access to their SQL Injection labs. This access allows students to practice the concepts that they will learn during the training.

Course Overview
Every year OWASP rates injection flaws as the most important and critical vulnerability within the Top 10 most Critical Web Application Security Risks under the OWASP Top 10 project. It is therefore no surprise that security professionals must learn how to test, prevent and defend against SQL Injection.

Sid’s hands-on two day course focuses on the injection flaws and the attendees will get an in-depth understanding of the flaws arising from this very common vulnerability.

The subjects covered in the course are:

  • SQL Injection
  • XPATH Injection
  • LDAP Injection
  • Hibernate Query Language Injection
  • Direct OS Code Injection
  • XML Entity Injection

During the two-day course, the attendees will have access to a number of challenges for each flaw and they will learn a variety of exploitation techniques used by the attackers in the wild. Identify, extract, escalate, execute; we have got it all covered.

Primary course objectives include:

  • Understand the problem of Injection Flaws
  • Learn a variety of advanced exploitation techniques which hackers use
  • Learn how to fix these problems

Questions asked during our 40 minute live demo with Sid
We had several questions come in during the live training event, and here they are!

Remember, if you’d like to see the 40 minute video click here.

Question 1: Max, Concise Courses
Can a .htaccess help prevent SQL Injection?

Sumit ‘Sid’ Siddharth
No, I have actually never heard of this as a solution. I mean, obviously, if you are protecting a particular directory using .htaccess then nobody can then browse that directory, but if it is a public website then there will be a certain amount of content that will be available to everyone. If that directory has not been correctly validated then the .htaccess is not going to help. But, if you have a particular resource which you would like to protect with .htaccess then yes, that would do the job.

Question 2: Max, Concise Courses
If there is one thing we can do to firm our WordPress Database, what would it be?

Sumit ‘Sid’ Siddharth
WordPress is a third party website so when you install WordPress you basically rely on the security within that system and you hope that there is no SQL Injection in the code. Clearly you need to keep your version of WordPress up to date with regards to security, and patches need to be installed. What I have found from real life is that it is not the actual WordPress code which you need to worry about so much, because that has been checked by many people looking for vulnerabilities, and if they find something there will be a patch out soon before it gets exploited.

The thing that you need to worry about is the third party plug-ins that you install. From my experience people like to install every single plugin under the sun on their WordPress sites, and these third-party plugins do not come from WordPress, they come from anywhere and everywhere and that is where the vulnerability lies.

You must only use plugins that come from trusted sources.

Limit your exposure, so for example, if you have a WordPress site and you do not require registration then disable [that feature] and safeguard your wp_admin folder using .htaccess. Basically restrict your attack surface, that is really all you can do. At the end of the day you are relying on third party software and you have to take their security into account.

If you are really paranoid then you can think of installing Mod Security which is a web application firewall.

Question 3: Max, Concise Courses
Who should attend this course? Who is going to get the most out of attending this two day training course?

Sumit ‘Sid’ Siddharth
Well, I have been running this class for two years. This class runs every year at BlackHat and we always get a mix within the audience. One spectrum of the audience are working within security software testing or security validation as their day job and they want to take their skills to the next level and learn how to identify more vulnerabilities and how to do manual pentesting. We also get a lot of students from web development backgrounds and other people that want to write secure code and the only way that they write secure code is by learning from others' mistakes. There are a number of examples where we show vulnerable code.

We have a wide variety of audiences: pentesters, security auditors, web developers, database developers, all sorts really!

Question 4: Max, Concise Courses
How would you encapsulate what people are going to achieve by attending this two day class? What are they going to be able to do after they take the course?

Sumit ‘Sid’ Siddharth
They will be in a better position to identify Injection Flaws, understand them and subsequently be able to patch them. If they are pentesters or security testers then they will be in a better position to look at a tool's output and identify whether it is a false positive or a false negative or even identify things that the pentesting tools do not pick up. If they are web developers they can go back [after the course] and scan their code for issues that they learned from the class.

There is a lot to take-away from the course. Each student receives a comprehensive handout of the slides. Also, if you attend our class we give you a free month access with SQL Labs, so it is not like ‘you just practice for two days’ and then everything is removed away from you. You will get one month lab access where you can practice all the attacks that you will be taught in detail.

In Summary
If you are in the DC area in December then not only is BlackHat a must for every security professional, but attending this course will maximize your skills and make you invaluable to any organization you work for.
