The Art of Exploiting SQL Injection

Sumit Siddharth July 24


Ends February 1


Ends June 1


Ends July 20


July 21-24


This is a full-day, hands-on training course aimed at penetration testers, security auditors/administrators and web developers who want to learn advanced exploitation techniques. SQL Injection, although now nearly 15 years old, still exists in over 30% of web applications. This vulnerability could typically result in 3 scenarios:

This training will target 3 databases:

and discuss a variety of exploitation techniques to exploit each scenario. The aim of the training course is to address the following:

Identify, extract, escalate, execute; we have got it all covered.

Who Should Take This Class

Penetration Testers, Web Developers, Security Auditors/Administrators/Managers, anyone else who wants to take their skills to the next level.

Student Requirements, experience/expertise

Prior knowledge of databases and SQL would be handy but is not a strict requirement.

Equipment/software students must furnish

Students must bring their own laptop with a Windows operating system installed (either running natively or in a VM). Students must have admin access on the Windows platform.


Sumit "sid" Siddharth works as Head of Penetration Testing for 7Safe Limited in the UK. He specializes in application and database security and has more than 6 years of pentesting experience. Sid has authored a number of whitepapers and tools. He has been a speaker/trainer at many security conferences including Black Hat, DEF CON, Troopers, OWASP AppSec, Sec-T, etc. He also runs the popular IT security blog: