security

Advanced MySQL Exploitation

This talk focuses on how MySQL SQL injection vulnerabilities can be used to gain remote code execution in LAMP and WAMP environments. Attackers performing SQL injection on a MySQL platform must deal with several limitations and constraints. For example, the lack of multiple statements in one query makes MySQL an unpopular platform for remote …


Time-Based Blind SQL Injection Using Heavy Queries

This presentation describes how attackers could take advantage of SQL injection vulnerabilities using time-based blind SQL injection. The goal is to stress the importance of establishing secure development best practices for Web applications rather than entrusting site security only to the perimeter defenses. This article shows exploitation examples for some versions of Microsoft …


NoSQL == No SQL Injections?

This is a short talk on NoSQL technologies and their impact on traditional injection threats such as SQL injection. The talk surveys existing NoSQL technologies, and then demos proof-of-concept threats found with CouchDB. We then discuss the impact of NoSQL technologies on existing security technologies such as blackbox scanning, static analysis, and web application firewalls.

PL/SQL for Security

This short video shows how you can improve the security of your Oracle database with PL/SQL.

NoSQL, No Injection?

This video discusses NoSQL technologies and their impact on traditional injection threats such as SQL injection. The talk surveys existing NoSQL technologies, and then demos proof-of-concept threats found with CouchDB. We then discuss the impact of NoSQL technologies on existing security technologies such as blackbox scanning, static analysis, and web application firewalls. For presentations, whitepapers or …


Introducing Oracle Database Firewall

This video discusses how Oracle helps organizations safeguard data and address regulatory requirements. Learn more about threats like SQL injection attacks and why all organizations need to consider new solutions in a complete database security defensive strategy.