PL/SQL and SQL Injection: Techniques to hack an Oracle Database (and how to block them)
Prevent SQL Injection through PL/SQL! Secure your Oracle applications!
Oracle PL/SQL has the ability to run dynamically created SQL statements. Some developers find this useful, some hackers find it even more useful. This training will demonstrate some commonly used techniques for injecting arbitrary SQLs into an application (hacking), with advice on how to detect and mitigate the vulnerabilities.
Presenters – John Watson and Dave Anderson
This free training is segmented into several separate lessons:
- Lesson 1 – Agenda (2:05) (2:05)
- Lesson 2 – What is SQL Injection? (4:13) (click on video below)
- Lesson 3 – Dynamic SQL Review (4:33)
- Lesson 4 – Demonstration, SQL Injection, First Order Attack (7:08)
- Lesson 5 – Demonstration, Second Order Attack (7:48)
Date: Feb 1, 2018