Winter 2013 ICT Educator Conference - Data Breaches & Password Hashes


Description

"Data Breaches & Password Hashes"

Sam Bowne
Instructor, CNIT Department
CCSF
-------------------------------------------------------------------------------------------------
The vast majority of all stolen data was taken with SQL injection. Every security professional needs to understand it well.

After a brief explanation of the vulnerabilities, attacks, and defenses, students will set up a vulnerable SQL website using SQLol, exploit it with Havij (the tool Anonymous used to exploit PBS), and protect it with input validation.

Additional projects are available for you to use in your classes, demonstrating other attacks and a better defense--parameterized queries.

All the PowerPoint slides, lecture notes, and hands-on projects will be freely available for you to incorporate into your own classes.

Students will set up a SQL server and a vulnerable application, exploit it, and patch it to make it more secure. We can provide netbooks for students to use, or they can use their own laptops. An internet connection would be nice, but if it doesn't work, the workshop can proceed without it.

Students can use their own laptops, if they have VMware and BackTrack 5 ready to go.