Dark Reading
Products and Releases
Core Security Expert Details Advanced SQL Injection Testing

Leading penetration testing specialist to demonstrate methods that boost accuracy of automated SQL injection assessment

VANCOUVER, B.C., CANADA - March 23, 2010 - Core Security Technologies, provider of CORE IMPACT Pro, the most comprehensive product for proactive enterprise security testing, today announced that one of its CoreLabs researchers will serve as a featured presenter at the CanSecWest Applied Security Conference 2010, being held at the Sheraton Wall Centre March 24-26.

At the conference, CoreLabs Researcher Fernando Federico Russ will demonstrate cutting-edge web application assessment techniques that highlight methods for automated identification and exploitation of SQL injection vulnerabilities.

Russ will specifically address improving the automated SQL injection vulnerability assessment process to eliminate false positives and to automatically generate exploit code that confirms each finding. The presentation will demonstrate black-box testing techniques for finding and exploiting SQL injection flaws, together with a detailed analysis of the types of behavior that attackers may be able to carry out once they have exploited a given vulnerability. Russ, whose responsibilities include conducting vulnerability research and creating new testing capabilities for Core Security's automated testing solutions, will also examine the common difficulties encountered when trying to expose SQL injection vulnerabilities, and methods for using black-box interaction to automatically construct the corresponding exploits. The presentation is based on work conducted and submitted by Russ in cooperation with Core Specialist Researcher Sebastian Cufre.

"While SQL injection is an exploitation method that has been around for quite some time, it remains extremely relevant to security organizations worldwide as real-world attackers continue to carry out widespread campaigns that use the technique effectively to compromise systems and gain access to protected data," said Russ. "By creating new assessment techniques that use automation to find and exploit SQL injection flaws more efficiently, we can help organizations locate and address critical vulnerabilities faster."

What: "Automated SQL Ownage Techniques"
When: Wednesday, March 24, 2010; 3:30-4:30 p.m. ET
Where: CanSecWest 2010, Sheraton Wall Centre, Vancouver, B.C.
Who: Fernando Federico Russ, CoreLabs Researcher

As advanced attackers continue to focus on web applications, and SQL injection remains one of the primary methods cybercriminals use to compromise applications and gain access to protected data, it is critical that organizations find better ways to assess their exposure to these vulnerabilities. Please join us for this timely, informative presentation.

Core Security feeds the intelligence gained through the work of its CoreLabs researchers and SCS consultants directly into its CORE IMPACT family of automated penetration testing solutions, so that organizations can proactively determine their exposure to such widely exploited vulnerabilities.

For more information about the presentation, or to schedule meetings with Core Security's experts at CanSecWest 2010, please contact Tim Whitman or Lauren O'Leary at 781-684-0770 or via email at: [email protected]

About Core Security Technologies

Core Security Technologies provides IT security executives with comprehensive security testing and measurement of their IT assets by adding real-world, actionable intelligence and verification to their IT security management efforts. Our software products build on over a decade of trusted research and leading-edge threat expertise from the company's Security Consulting Services, CoreLabs and Engineering groups. Core Security Technologies can be reached at 617-399-6980 or on the Web at: http://www.coresecurity.com.

Contacts: Tim Whitman or Lauren O'Leary, Schwartz Communications, 781-684-0770, [email protected]
