Web Application and Database Hacking Demonstration
Faisal Rahman, Senior Security Engineer
Imperva, Inc.
Presentation Abstract:
This is a Web Application and Database hacking demonstration on a live web site that was created specifically for this purpose. The web site sits behind a market-leading firewall, and the applications running on it were designed by a third-party firm that specializes in creating on-line shopping applications.
The first portion of the presentation is an in-depth discussion of, and training on, application and database vulnerabilities. This discussion will include many real-life examples of penetration tests that we have conducted.
The attack training that we will be conducting was designed to increase people's awareness of inherent design flaws found in the majority of today’s applications. We demonstrate things such as SQL Injection, Cross-Site Scripting, Discount Cookie Poisoning, direct database attacks and several other application and database attacks.
The presentation will end with a general discussion of prevention techniques and then a Q&A.
Bio:
Faisal Rahman is a Senior Security Engineer at Imperva, Inc. He is responsible for providing technical sales support, application and database security consulting, and training services to the company’s customers. Mr. Rahman has 7+ years of experience in network and database security.
He first worked as a Security Engineer at E*Trade Financial, providing global infrastructure security. Since then Mr. Rahman has worked at other Fortune 1000 companies and software vendors, consulting to companies on how to protect their most valuable information assets.








