Thursday, October 1, 2009

Presentation - Overview of a SQL Injection Attack

This is a slightly modified version of a presentation I gave on an overview of a SQL Injection attack. I performed a forensics investigation on this attack as well as the desired effects on systems that browsed the site afterward. Additional information on this attack can be found on the Internet Storm Center in the following diary entries:

The 10.000 web sites infection mystery solved
http://isc.sans.org/diary.html?n&storyid=4294

SQL Injection: More of the same
http://isc.sans.org/diary.html?storyid=4565

If you have any questions or would like to discuss this please let me know. As always comments are welcome.

1 comment: