SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level

DEFCONConference via YouTube

Overview

Explore advanced SQL injection techniques in this DEF CON 32 conference talk that delves beyond traditional query syntax attacks into protocol-level vulnerabilities. Learn how attackers can exploit database wire protocols to smuggle entire SQL and NoSQL statements, even with prepared statements in place. Examine real-world case studies of vulnerable database driver libraries to understand how HTTP request smuggling principles apply to binary protocols, leading to authentication bypasses, data leakage, and remote code execution. Discover the varying levels of protection offered by different programming languages and frameworks against these attacks, and understand how smuggling vulnerabilities extend beyond databases to affect message queues, caching systems, and other binary protocols. Gain insights into future research directions and emerging attack vectors in protocol-level security.

Syllabus

DEF CON 32 - SQL Injection Isn't Dead Smuggling Queries at the Protocol Level - Paul Gerste

Taught by

DEFCONConference
