Null offensive hacking hands-on training.

Proposed sessions for this event:

  • Understanding and Exploiting SQL Injection flaws in Web Apps by Riyaz Walikar
Note: The session details including schedule are available below.

Understanding and Exploiting SQL Injection flaws in Web Apps

You can register by clicking on the Register button and Confirming Registration on the next page.

Registrations will close on March 9th 8:00 PM or when the count reaches 55 (whichever happens first).

Only the registered participants will be sent a confirmation email with the venue details. This email will be sent by Friday March 10th 10:00 AM.

Please read the following instructions carefully. This will enable us to have a smooth, hassle free session.


This will be a completely hands on session on detecting and exploiting SQL Injection issues. At the end of this session, the participant will be able manually identify SQL Injection vulnerabilities in web applications and use the vulnerability to perform the following:
-- Extract data from backend databases
-- Execute system level commands on the server

The following types of SQL Injection will be covered:
-- Basic SQL Injection(Using database schema to extract specific information)
-- Error Based SQL Injection (Using DB errors presented to the user via the application)
-- Time Based SQL Injection (Using induced delays to check for true / false conditions)
-- Second Order SQL Injection (Triggered via resident data)
-- Server compromise using SQL Injection (MSSQL and MySQL).

Hardware Pre-requisites (Mandatory)

  • A system capable of running Virtual Box. You can test this by installing Virtual Box and creating a test VM.
  • Atleast 2 GB of RAM
  • Atleast 1 GB of free space (to copy the VM that will be distributed)

Software Pre-requisites (Mandatory)

Date Saturday March 11 2017
Chapter Bangalore
Registrations 55
Max Registrations 55
Event Type Invite Only
Start Time 09:30 AM
End Time 06:00 PM

Session Schedule

Name Speaker Start Time End Time Resources
Understanding and Exploiting SQL Injection flaws in Web Apps Riyaz Walikar 09:30 AM 06:00 PM


This is an invite only event. If you are selected you will receive further information via e-mail.