
Web App Security Hall Of Fame – Meet the Gurus part 4

Anurag Agarwal continued his series of Reflections on web security superstars by presenting Ivan Ristic, the man who put ModSecurity on the map of mandatory security controls. Just like before, Anurag covers all the articles, books, tools and great contributions to information security made by Ivan Ristic.

Oracle Cursor Injection – SET ROLE DBA; Role set.

David Litchfield of NGSSoftware released the paper "Cursor Injection – A New Method for Exploiting PL/SQL Injection and Potential Defences", which describes a new method whereby an attacker seeking to exploit a SQL injection flaw in an Oracle database server may do so without needing to create an auxiliary inject function in order to execute arbitrary SQL.

Web App Security Hall Of Fame – Meet the Gurus part 3

Anurag Agarwal released the third article in the series of mini biographies called Reflection, which so far presented Amit Klein and RSnake;

Bending MS SQL Server and Greasing It Up

Well, having the SQL server call home to your machine is cool enough (bye bye firewall), but the paper's author, Cesar Cerrudo, went a step further. These are the main topics covered by his paper:
