We have three cool webcasts lined up next week:
1) SQL Injection for the Penetration Tester on April 27
Eric Conrad will kick off the week of webcasts with something every penetration tester should know about. "Both normal and blind SQL attacks will be described, including reading and altering databases, creating local files, and gaining command shell access to the database server."
2) Defending Web Applications: Going back to First Principles on April 28
In this talk Johannes and Jason "will outline current attacks against web applications, why they evade detection by network defenses and how to build defensible applications by going back to simple defensive principles. Each of the attacks will be illustrated from a defensive as well as offensive point of view showing the strength and weakness of each defensive measure."
3) The Growing Threat and Impact of Web-Based Malware on April 29
Finally, Johannes and Neil Daswani will finish off the week with a talk on the growing threat of web-based malware. "The way malware is being distributed has undergone a fundamental shift, with attackers focusing on planting 'drive-by downloads' on legitimate sites in an automated fashion, taking advantage of vulnerabilities in hosting platforms, web applications, and structural vulnerabilities in web sites. The impact is quite significant — end users can get infected simply by visiting affected web sites, and webmasters lose their traffic due to having their infected sites blacklisted by search engines and browsers."