Alexander Kornbrust

Title: Oracle SQL Injection in Webapps

Bio:
Alexander Kornbrust is a recognized security consultant and researcher who specializes in Oracle security since 2001. He is also the founder and CEO of Red-Database-Security GmbH, a company specialized in Oracle security. Red-Database-Security is one of the leading companies in Oracle security. He is responsible for Oracle security audits and Oracle anti-hacker trainings and gave various presentations on security conferences like Black Hat, Microsoft Bluehat, IT Underground.

Alexander Kornbrust has worked with Oracle products as an Oracle DBA and Oracle developer since 1992. During the last six years, Alexander has found over 250 security bugs in different Oracle products.

Abstract:
The talk shows advanced SQL injection techniques in Oracle databases. Some of the new developed techniques allow to exploit sql injection vulnerabilities more efficiently (e.g. retrieve an entire table with 1 command or search the entire database for credit card numbers, …).

Some additional improvements for blind sql injection will also be presented.