Here’s my random notes on SQLMap presentation at EuroPython 2011. My motivation writing this notes is I don’t want end as end-user only. I need to improve. I should learn. I should contribute. I need to grow.
I want to live in Europe 🙂
- Miroslav Stampar is the third main developer of sqlmap
- This EuroPython 2011 is Miroslav first conference
- The first author of SQLMap is Danielle Belluci and the second is Bernardo Damele who come from Trieste, Italy(?)
- Miroslav explains SQLMap current status: the detection engine, the enumeration engine, the take over functionalities (taken from metasploit)(?)
- Miroslav shows the SQLMap statistic from ohloh.net From the statistic, SQLMap main components are written in XML and in Python. XML is the core of the SQLMap, the knowledge. While Python is the engine.
- There are five methods of SQL injection. I should learn a lot about this. They are: blind-based, error-based, union query, time-delay-based, stacked query. Wow, there are a lot of new vocabulary to learn.
- SQLMap is using redmine as the project management
- SQLMap using VMWare for the testing environment. They are Windows and Debian GNU/Linux operating system.
- Then I am having difficulty to follow these part: inference, character prediction, null-connection, atomicity removal, reflective values, statistics, false positives, heuristic test, pivoting, SQL harvesting. I only understand the tampering script, which is a script created to bypass the WAF (Web Application Firewall). I only understand small parts of statistic, the normal-distribution, but I don’t understand better how this relate with SQLMap. So statistic is everywhere.
Unfortunately there’s no question from the audience during the Q&A session. I thought, they didn’t record it, but when Miroslav ended his talk, it seemed there was no one asking a question. During the talk, I can’t hear clearly whether there are questions or not.
For the final words, I sent a couple of ideas and feature requests to SQLMap. I am quite proud of it, but I do know there are still many things to learn and contribute.
Just remember, to be proud in what you do.