RSS feed logo header graphic

Black Hat USA 2008 Training

Caesars Palace Las Vegas • August 2-7

Hacking Oracle PL/SQL

David Litchfield, NGS Software

registration button

A new course designed and taught by world renown security vulnerability researcher David Litchfield.

Never has the need for understanding Oracle database security been so great as it is today as the boundaries between networks become less defined and web applications provide direct inroads through any firewalls and into the backend. This course will teach you how to hack into Oracle database servers; only by truly grasping the mechanics of attacks can a complete and effective defense be built. We will cover all aspects of breaking into Oracle database and application servers covering such topics as

  • Understanding PL/SQL Vulnerabilities
    Cursor Snarfing Vulnerabilities
    PL/SQL Injection
    Auxillary Function Injection
    Cursor Injection Attacks
    Java Injection
    Lateral SQL Injection via SYSDATE and DATE data (*new discovery)
    Abusing Triggers To Gain Control
    Bypassing VPD
    Data exfiltration
    Exploiting Oracle Application Server and mod_plsql

A prior knowledge of Oracle would be useful but not necessary.

Who Should Take the Course
Anyone interested in Oracle Database Security


David Litchfield

Founder and Chief Scientist, NGS Software

David Litchfield is the founder and Chief Research Scientist of NGSSoftware Ltd, a U.K. based security solutions provider. He is the co-author of "The Database Hacker's Handbook", "The Shellcoder's Handbook", "SQL Server Security" and "Special Ops". He has lectured both the National Security Agency in the U.S. and G.C.H.Q. in the U.K. on emerging threats and information assurance.

He is a regular speaker at the Black Hat Security Briefings and has also presented at Microsoft Bluehat and Microsoft TechEd. Previously he was the Director of Security Architecture of @stake, since accquired by Symantec and the founder and Managing Director of Cerberus Information Security Ltd, which was accquired by @stake in July 2000. At NGSSoftware, as well as conducting research into new computer vulnerability, David has designed and help develop NGSSQuirreL, a powerful tool for advanced database vulnerability and risk assessment.

registration button

Ends May 1

Ends July 1

Ends July 30

Begins August 1

USD $2000

USD $2200

USD $2400

USD $2700
1997-2009 Black Hat ™