Select Page

SECFORCE invited to present at Athcon

SECFORCE was invited to present at Athcon conference, held in Athens during 2nd and 3rd June 2011. AthCon is an annual IT security conference that takes place in Athens Greece designed to give a technical insight to the world of IT security. A realistic, practical...

SECFORCE achieves quality management ISO 9001 certification

SECFORCE has achieved recognition for its quality management systems with the award of ISO 9001:2008. The certification recognises the company’s commitment to quality management systems used in the delivery of IT security services to SECFORCE customers and to...

Benefits of penetration testing

One of the questions that we get from time to time is “Why should I conduct a penetration test?” Undoubtedly every business works in a different way and the value of conducting a penetration test varies in each case. Some businesses might manage IT security in a...

Exploiting SQL injection vulnerabilities with Metasploit

In this post we are going to show how to exploit a SQL injection vulnerability on a web application using Microsoft SQL server backend where xp_cmdshell is available to the attacker. Given a penetration test to a web application it is identified that it is vulnerable...

Exploiting MS09-004 via SQL injection

Recently we were performing an web application penetration test to one of our clients and identified a SQL injection vulnerability. The vulnerability allowed us to conduct a degree of fingerprinting on the remote server; however, the Microsoft SQL Server back-end...