Session 1
Section A: The Essence of SQL Injection
• Databases
• Vulnerabilities/Common Attacks
• SQL Injections
• Impacts of SQL Injection
• Business Impacts of SQL Injection
• Using SQL Injection
• SQL Injection Enumeration
• Extended Stored Procedures
• Lee Lawson Video
Section B: Direct Attacks and Protection
• Direct Attacks
• Attacking Database Servers
• Obtaining Sensitive Information
• Hacking Tools
• Oracle Security Tips
• Metasploit
• Metasploit Demo
• Finding and Fixing SQL Injections
• Hardening Databases
Section C: SQL Injection in Action
• Injection Attack
• Injection Attack Demo
• Joel Helkason Video
Section D: Attack Methods
• Web Server Market Share
• Common Web App Threats
• Progression of the Professional Hacker
• Anatomy of a Web Application Attack
• A Generic Web Application System
• Query Strings
• URL Mappings to Web Application Systems
• Penetration Methodologies
Section E: Most Common Attacks Illustrated
• Vertical Privilege Escalation
• XSS: Cross-Site Scripting
• Business Impacts of XSS
• Finding/Fixing XSS
• Injection Flaws
• Unvalidated Input
• Unvalidated Input Illustrated
• Business Impacts of Unvalidated Input
• Finding/Fixing Unvalidated Input
• Attacks Against IIS
• Unicode
Section F: Tools of the Trade Part I
• N-Stalker
• NTOSpider
• Free Web Assessment Tools
• N-Stalker Demo
• HTTrack
• Wikto
Section G: Tools of the Trade Part II
• Paros Proxy
• Paros Proxy Demo
• Burp Proxy
• Dictionary Maker/Cookies
• Acunetix Web Scanner
• Eclipse for Code Review
• OWASP WebScarab
• Samurai Web Testing