Wednesday, 1 October 2008

SANS Institute Workshop: Frontline Solutions for Security Professionals

This is a longer session that all the others, and I hope will take us to a greater depth of understanding of some of the issues. The speaker is a trainer by profession, so the flavour of this posting might be different than the others. Again, SQL injection and Cross-site scripting are the two most common attacks.

The talk was longer than it needed to be (ah well) and covered much of the same ground as the other talk by the same presenter. However, he did give a demonstration of a SQL injection attack used to get passed a bank's credential logon screen, as well as a hacker's toolkit product that he recommended we use to determine what vulnerabilities our own systems might have against the black-hat use of the same techniques.


 

No comments: