DeepSec Training: Bug Bounty Hunting — How Hackers Find SQL Injections in Minutes with Sqlmap

DeepSec Conference
Sep 7, 2018 · 1 min read
';--have i been pwned? by Troy Hunt.

In a previous article we talked about the Bug Bounty Hunting training by Dawid Czagan at DeepSec 2018. In case you do not know what to expect, there is a little teaser for you in the form of a full-blown tutorial. Dawid has published a video tutorial that shows you how to use Sqlmap to find SQL injections. It serves as a perfect example of what to expect from his two-day training and what you absolutely need to play with for preparation. DeepSec trainings are in-depth, not superficial. Dawid’s training will go into much deeper detail. Software developers are well advised to use attack tools against their own creations. It helps to understand what error conditions your code might be in and what you have to do when sanitising data.

SQL injection attacks have been around for over 15 years. They still exist. Given the widespread use of databases, they will stay for a while longer. The bug has even entered mainstream (nerd) culture, so make sure you know what it is all about.


Originally published at .

