Learn all about SQL Injection from an expert. 40 Minute LIVE training session.

Learn all about SQL Injection from an expert. 40 Minute LIVE training session.

Henry Dalziel | General Hacking Posts, Hacker Hotshots, Information Security Careers, Latest InfoSec News | November 5, 2013

We are in for a real treat this Friday November 8th!

For those with even the faintest interest in information security, make sure you get yourself enrolled in our free 40 minute demonstration by expert Sumit ‘Sid’ Siddharth titled: “Learn Advanced SQL Injection Techniques Against Oracle Databases”.

Attendees are going to learn the following:

  • All about Oracle vulnerabilities.
  • Privilege escalation attacks along with OS Code execution.
  • How to exploit SQL injection vulnerabilities in a web application that communicate to Oracle databases.
  • How to Become a Database Administrator (DBA) and execute operating system code execution (aka xp_cmdshell) against a back-end Oracle database.

This really is a fantastic opportunity for two clear reasons: firstly, that the audience are going to learn about the web’s most common persistent threat: SQL Injection, but also that this important content is going to be delivered by a real hands-on and experienced professional.

About the instructor
Sumit ‘Sid’ Siddharth is the founder of NotSoSecure, an information security specialist IT firm that delivers high-end IT consultancy and training. Before starting NotSoSecure Sid worked as the Head of Penetration Testing for a leading UK IT security company. Not only has Sid accumulated a decade of hands-on Penetration Testing experience, he has also authored a number of whitepapers and tools and has spoken at many security conferences including numerous Black Hat, DEF CON, OWASP Appsec, HITB and more.

About SQL Injection
SQL injection remains to be the most common and infamous form of web site and web application attack. The basic reason why SQL Injection is still very much prevalent is due to code not written correctly and the vast availability of hacking tools that can easily be deployed to discover weaknesses and vulnerabilities – at ease. In essence an SQL Injection relates to an ability to inject SQL commands into, for example, a log in form that in turn allows the attacker to gain access to the data held within the target database.

SQL exploits are considered easy prey owing to the fact that even inexperienced hackers (script kiddies) can accomplish a great deal of harm to a web application or website.

Another reason why we are still combating SQL is that it is virtually the only universal language that all databases speak. SQL is the lingua franca of the IT world when it comes to the storage, manipulation, and retrieval of data. For example, databases that use SQL include MS SQL Server, MySQL, Oracle, and Filemaker Pro and these databases are all open to potential SQL injection attacks. Sid will be demonstrating attacks on Oracle databases so needless to say, if your database has an Oracle flavor – make sure that you have enrolled on this training session. Even if you personally do not manage Oracle equipment, the knowledge that Sid will share will be very beneficial when seeking employment or when contracting, i.e. understanding Oracle vulnerabilities will put another feather in your bow!

In Summary
This is going to be one of the most memorable events of 2013 for Concise Courses. We have had some really interesting demo’s and training sessions including for example ‘How To Hack Skype and VoIP’ along with a whole host of spy gadgets, pentesting tool demonstrations and much more, but what we like about this is the ‘grass roots’ nature of the subject matter.

Put simply, Sid created this live 40-minute tutorial specifically for security professionals (including CIO’s, CISO’s, Database Administrators/ Developers and Network Managers) who work within the following industries: Military, Government, Computer & Network Security and Software. If this fits your profile, or even if it doesn’t, then get yourself registered for the event.

Put even more simply – if you work in IT security – then you have to know and understand SQL Injection. Period.

The link will be evergreen and we will be recording the event so if you are reading this after Friday November 8th go ahead and hit the link at the top of this post.

Please add any questions that you might have pre training in the comments below, or you can ask during the event! We have a live chat feature which is always open to questions.

Also, finally, worth mentioning that we are no strangers to Database security, we had a Hacker Hotshot show with Josh Shaul February 2013 titled: “Hacking The Big 4 Databases” which is also worth checking out before this event.

Leave a comment or reply below...thanks!