Black Hat Briefings, Las Vegas 2005 [audio] Presentations From The Security Conference

Esteban Martinez Fayo: Advanced SQL Injection in Oracle Databases

Informações:

Sinopsis

This presentation shows new ways to attack Oracle Databases. It is focused on SQL injection vulnerabilities and how can be exploited using new techniques. It also explains how to see the internal PL/SQL code that is vulnerable in Oracle built-in procedures and examples using recently discovered vulnerabilities. Buffer overflows, remote attacks using web applications and some ways to protect from these attacks also will be shown. Esteban Martinez Fayo is a security researcher; he has discovered and helped to fix multiple security vulnerabilities in major vendor software products. He specializes in application security and is recognized as the discoverer of most of the vulnerabilities in Oracle server software. Esteban currently works for Argeniss doing information security research and developing security related software solutions for Application Security Inc.