Monday, May 31, 2010

MS Access SQL Injection

I have a testing trip coming up that involves a web application built using MS Access on the backend.  I've just gotten Justin Clarke's great book SQL Injection Attacks and Defense.  There doesn't seem to be a treatise on SQL injection for MS Access, but there are some good sources.  I know that Access doesn't support the ', so I'm working on other methods.  Already, I have information on the application, and based on what I've discussed with the developers, the app has to be "injectable"; it's just a matter of where.  Some of the MS Access SQL Injection resources I've been going through include:

Saturday, May 29, 2010

Online Penetration Testing class

I haven't decided yet how to spend my education budget.  I really want to attend the SANS What Works in Forensics and Incident Response summit, but I think it's too much for the company to pay for.  Then, the other day, I was reading Darknet, and I saw their posting on the eLearnSecurity Online Penetration class.  The price is pretty good, and I would really like to learn the network pen testing segment.  As I've been doing a lot of web application auditing lately, I wouldn't mind learning the tips and tricks to web applications as I think it will only help the auditing skills.

If you've taken any of the classes by eLearnSecurity, I'd like to hear your feedback.

Wednesday, May 5, 2010

Hackin9 magazine now free

This post might be a bit late.  I originally posted/mused about Hackin9 back in January of 2008.  Now, I see it has become a free e-zine.  Head to and sign up for the newsletter.  At the time of this post, you are able to download the current issue in .pdf form.