11:30 – 11:45 Lunch and good of the order

11:45 – 12:00 OWASP News and notes

12:00 – 1:00 Featured presentation: Error-Based SQL Injection: T’was Blind But Now I See (data) with Ben Broussard

“I’m sorry, ‘P@ssw0rd123’ can’t answer the phone right now.” SQL Injection is often discovered when an error message is shown from user input that includes a quote. This presentation will show different techniques to exfiltrate data from MS SQL, MySQL, and Oracle databases within the error messages. This talk will be a technical dive into a lesser-known area of Error-Based SQL Injection, but will cover enough injection basics to be approachable by most people.

A little about Ben:

Ben Broussard came up as a mainframe and web site programmer. In 2010, after hacking his own creations, he made the switch to full-time appsec pentester. Other interests include acrobatics, chess, jiu jitsu, cognitive science, and puns.