Registration is NOW Open
Marriott Wardman Park
2660 Woodley Rd NW
Washington DC, District of Columbia 20008 USA
Phone: 1-202-328-2000 

Book Now 
*discount rates expire August 19, 2019
Back To Schedule
Friday, September 13 • 11:30am - 12:15pm
Farewell, WAF - Exploiting SQL Injection from Mutation to Polymorphism

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
In this talk, we'll not only go through the core ideas and concepts of the Web application firewall (WAF) and also some background information about mutation testing against web applications, but introduce a promising direction of automatically generating SQL Injection attacks with Polymorphism. We'll be giving out some case studies and bypasses for the ModSecurity's latest version alongside our demonstrations and explain why common detections cannot help in this place as well. The audience will then realize the power of this concept and the beauty of the SQL language after the talk.

avatar for Boik Su

Boik Su

Boik Su has five-year experience in Web development, and actively using Open Source Software to create and manage applications or tools for his research in Web Security. He has received some awards from CTFs, been the speaker at AVTokyo 2017 and 2018, Taiwan Modern Web 2017, OSCON... Read More →

Friday September 13, 2019 11:30am - 12:15pm EDT
Lincoln 4