PL/SQL and SQL Injection: Techniques to hack an Oracle Database (and how to block them)
Prevent SQL Injection through PL/SQL! Secure your Oracle applications!
Oracle PL/SQL has the ability to run dynamically created SQL statements. Some developers find this useful, some hackers find it even more useful. This training will demonstrate some commonly used techniques for injecting arbitrary SQLs into an application (hacking), with advice on how to detect and mitigate the vulnerabilities.
Presenters – John Watson and Dave Anderson
This free training is segmented into several separate lessons:
- Lesson 1 – Agenda (2:05) (2:05)
- Lesson 2 – What is SQL Injection? (4:13)
- Lesson 3 – Dynamic SQL Review (4:33)
- Lesson 4 – Demonstration, SQL Injection First Order Attack (7:08) (click on video below)
- Lesson 5 – Demonstration, Second Order Attack (7:48)
Date: Feb 1, 2018