Core Security Expert Details Advanced SQL Injection Testing

Leading penetration testing specialist to demonstrate methods that boost accuracy of automated SQL injection assessment

March 24, 2010


VANCOUVER, B.C., CANADA - March 23, 2010 - Core Security Technologies, provider of CORE IMPACT Pro, the most comprehensive product for proactive enterprise security testing, today announced that one of its CoreLabs researchers will serve as a featured presenter at the CanSecWest Applied Security Conference 2010 being held at the Sheraton Wall Centre March 24-26.

At the conference, CoreLabs Researcher Fernando Federico Russ will demonstrate cutting-edge web application assessment techniques that highlight methods for automated identification and exploitation of SQL injection vulnerabilities.

Russ will specifically address improvement of the automated SQL injection vulnerability assessment process to eliminate false positives and to automatically generate exploit code to confirm problems. The presentation will demonstrate the use of black-box testing techniques for finding and exploiting SQL injection flaws that provide detailed analysis of the types of behaviors that hackers may be able to carry out once they have compromised any given vulnerabilities. The expert, whose responsibilities include conducting vulnerability research and creating new testing capabilities to be utilized in Core Security's automated testing solutions, will also examine common difficulties that are incurred when trying to expose SQL injection vulnerabilities, and methods for employing black-box interaction to automatically construct related exploits. The presentation is based on work conducted and submitted by Russ in cooperation with Core Specialist Researcher Sebastian Cufre.

"While SQL injection is an exploitation method that has been around for quite some time, it remains extremely relevant to security organizations worldwide as real-world attackers continue to carry out widespread campaigns that use the technique effectively to compromise systems and gain access to protected data," said Russ. "By creating new assessment techniques that use automation to find and exploit SQL injection flaws more efficiently we can help organizations locate and address critical vulnerabilities faster."

What: "Automated SQL Ownage Techniques"
When: Wednesday, March 24, 2010; 3:30-4:30 p.m. ET
Where: CanSecWest 2010, Sheraton Wall Centre, Vancouver, B.C.
Who: Fernando Federico Russ, CoreLabs Researcher

As the focus on web applications among advanced attackers continues to increase and SQL injection remains one of the primary methods used by cybercriminals to compromise applications and gain access to protected data, it is critical that organizations find better ways to assess their exposure to the involved vulnerabilities. Please join us for this extremely timely, informative presentation.

Core Security feeds the intelligence garnered via the work of its CoreLabs research experts and SCS consultants directly into its CORE IMPACT family of automated penetration testing solutions to ensure that organizations can proactively determine their exposure to such widely available vulnerabilities.

For more information about the presentation or to schedule meetings with Core Security's experts at CanSecWest 2010 please contact Tim Whitman or Lauren O'Leary at 781-684-0770 or via email at: [email protected].

About Core Security Technologies

Core Security Technologies provides IT security executives with comprehensive security testing and measurement of their IT assets by adding real-world actionable intelligence and verification to their IT security management efforts. Our software products build on over a decade of trusted research and leading-edge threat expertise from the company's Security Consulting Services, CoreLabs and Engineering groups. Core Security Technologies can be reached at 617-399-6980 or on the Web at:

Contacts: Tim Whitman or Lauren O'Leary Schwartz Communications
