The objective of this talk is to demonstrate how to subvert some bad but popular SQLi defenses and to show how to properly defend against SQLi attacks.
We will cover topics such as:
- Blind SQLi attacks
- Timing SQLi attacks
- Encoding attacks
- How to subvert some filters
- How you should protect your code against SQLi attacks
Presented at Confraria Security & IT, 26/01/11, Lisbon
Note: this is exactly the same talk as the one given at Codebits IV (2010), without the Codebits CTF qualifier explanation.
This talk was co-presented by me and Nuno Loureiro (http://www.slideshare.net/nuno.loureiro)