DiscoverBlack Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conferenceBala Neerumalla: SQL Injections by truncation
Bala Neerumalla: SQL Injections by truncation

Bala Neerumalla: SQL Injections by truncation

Update: 2006-06-04
Share

Description

"In this talk, I will discuss some ways to circumvent common mitigations of SQL Injection vulnerabilities in dynamic SQL. I will then suggest ways to protect against them.

Bala Neerumalla specializes in finding application security vulnerabilities. He worked as a security engineer for SQL Server 2000 and SQL Server 2005. He is currently working as a security engineer for Exchange Hosted Services."
Comments 
In Channel
Dan Larkin: Keynote: Fighting Organized Cyber Crime - War Stories and Trends

Dan Larkin: Keynote: Fighting Organized Cyber Crime - War Stories and Trends

2006-06-0454:41

David Litchfield : All New Zero Day

David Litchfield : All New Zero Day

2006-06-0445:14

David Endler: Hacking VOIP Exposed

David Endler: Hacking VOIP Exposed

2006-06-0401:02:39

Neal Krawetz (Dr): You are what you type: No classical computer forensics

Neal Krawetz (Dr): You are what you type: No classical computer forensics

2006-06-0447:47

Ofir Arkin: Bypassing Network Access Control (NAC) Systems

Ofir Arkin: Bypassing Network Access Control (NAC) Systems

2006-06-0451:28

Bruce Potter: The Trusted Computing Revolution

Bruce Potter: The Trusted Computing Revolution

2006-06-0444:52

Dan Kaminsky: Black Ops 2006

Dan Kaminsky: Black Ops 2006

2006-06-0401:00:27

Halvar Flake: RE 2006: New Challenges Need Changing Tools

Halvar Flake: RE 2006: New Challenges Need Changing Tools

2006-06-0445:20

Pete Finnigan: How to Unwrap Oracle PL/SQL

Pete Finnigan: How to Unwrap Oracle PL/SQL

2006-06-0453:53

Hendrik Scholz: SIP Stack Fingerprinting and stack difference attacks

Hendrik Scholz: SIP Stack Fingerprinting and stack difference attacks

2006-06-0453:32

Mariusz Burdach: Physical Memory Forensics

Mariusz Burdach: Physical Memory Forensics

2006-06-0444:48

Jesse Burns: Fuzzing Selected Win32 Interprocess Communication Mechanisms

Jesse Burns: Fuzzing Selected Win32 Interprocess Communication Mechanisms

2006-06-0401:05:33

SensePost: A Tale of Two Proxies

SensePost: A Tale of Two Proxies

2006-06-0441:17

Tom Ptacek and Dave Goldsmith: Do Enterprise Management Applications Dream of Electric Sheep?

Tom Ptacek and Dave Goldsmith: Do Enterprise Management Applications Dream of Electric Sheep?

2006-06-0459:50

Saumil Udayan Shah: Writing Metasploit Plugins - from Vulnerability to Exploit

Saumil Udayan Shah: Writing Metasploit Plugins - from Vulnerability to Exploit

2006-06-0401:17:05

Bala Neerumalla: SQL Injections by truncation

Bala Neerumalla: SQL Injections by truncation

2006-06-0428:17

Jay Schulman: Phishing with Asterisk PBX

Jay Schulman: Phishing with Asterisk PBX

2006-06-0448:51

Kevin Mandia: The State of Incidence Response

Kevin Mandia: The State of Incidence Response

2006-06-0401:08:14

Shawn Embleton, Sherri Sparks & Ryan Cunningham: "Sidewinder": An Evolutionary Guidance System for Malicious Input Crafting

Shawn Embleton, Sherri Sparks & Ryan Cunningham: "Sidewinder": An Evolutionary Guidance System for Malicious Input Crafting

2006-06-0401:14:21

Johnny cache and David Maynor: Device Drivers

Johnny cache and David Maynor: Device Drivers

2006-06-0457:16

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

Bala Neerumalla: SQL Injections by truncation

Bala Neerumalla: SQL Injections by truncation

Black Hat RSS Feed