The Art of Exploiting SQL Injection

Sumit Siddharth Mar 12 only


Ends January 10


Ends Feb 28


Ends March 15


This is a full-day, hands-on training course aimed at penetration testers, security auditors/administrators and web developers who want to learn advanced exploitation techniques. SQL Injection, although now nearly 15 years old, still exists in over 30% of web applications. This vulnerability could typically result in 3 scenarios:

This training will target 3 databases:

and discuss a variety of exploitation techniques to exploit each scenario. The aim of the training course is to address the following:

Identify, extract, escalate, execute; we have got it all covered.

Course Outline

SQL Injection

Who Should Take This Class

Penetration Testers, Web Developers, Security Auditors/Administrators/Managers, anyone else who wants to take their skills to the next level.

Student Requirements, experience/expertise

Attendees must bring their own laptops. The officially supported operating systems for the course are:

You must have administrative access on the laptop, as you will be required to install and run several software packages and scripts, which will be provided during the training. Some of these scripts/software may require turning off anti-virus software.

Equipment/software students must furnish

Students must bring their own laptop with the Windows operating system installed (either running natively or in a VM). Students must have admin access on the Windows platform.


Sumit "sid" Siddharth works as Head of Penetration Testing for 7Safe Limited in the UK. He specializes in application and database security and has more than 6 years of pentesting experience. Sid has authored a number of whitepapers and tools. He has been a speaker/trainer at many security conferences, including Black Hat, DEF CON, Troopers, OWASP AppSec and Sec-T. Sid is also a contributing author to the book SQL Injection: Attacks and Defense (2nd Edition). He also runs the popular IT security blog: