Select Page

11:30 – 11:45 Lunch and good of the order

11:45 – 12:00 OWASP News and notes

12:00 – 1:00 Featured presentation: Error-Based SQL Injection: T’was Blind But Now I See (data) with Ben Broussard

“I’m sorry, ‘P@ssw0rd123’ can’t answer the phone right now.” SQL Injection is often discovered when an error message is shown from user input that includes a quote. This presentation will show different techniques to exfiltrate data from MS SQL, mysql, and oracle databases within the error messages. This talk will be a technical dive into a lesser known area of Error-Based SQL Injection, but will cover enough injection basics to be approachable by most people.

A little about Ben:

Ben Broussard came up as a mainframe and web site programmer. In 2010, after hacking his own creations, he made the switch to full-time appsec pentester. Other interests include acrobatics, chess, jiu jitsu, cognitive science, and puns.