The objective of this talk is to demonstrate how some popular but ineffective SQLi defenses can be subverted, and how to properly defend against SQLi attacks.
We will cover topics such as:
- Blind SQLi attacks
- Timing SQLi attacks
- Encoding attacks
- How to subvert some filters
- How you should protect your code against SQLi attacks
Presented at ISEL Tech 2012, 24/05/12, Lisbon.
Video available at http://www.youtube.com/watch?v=M4DwMPuLx48 (in Portuguese)
Note: this is almost exactly the same talk as the one given at Codebits IV (2010), minus the explanation of the Codebits CTF qualifier.