In this presentation we showed how security products fail to protect against or detect some types of flaws. The products include web scanners, log analysis, IDS and WAF tools such as Snort, OSSEC, Qualys, Acunetix, W3AF and so on. The problems aren't limited to those tools; we just used them to create our PoCs. One possible problem is a compliance bypass that creates reports "without" SQLi, for example.
7. Native English countries
Map of nations using English as a de facto or official majority language (dark blue) or an official minority language (light blue)
Source: http://en.wikipedia.org/wiki/List_of_territorial_entities_where_English_is_an_official_language
10. Offensive
Tool prepares request based on services -> Send request to device -> Service processes request -> Service sends response -> Tool receives response -> Tool processes response
11. Defensive
Tool prepares request based on services -> Send request to device -> Service processes request -> Service sends response -> Tool receives response -> Tool processes response
Defensive Tool
17. Changes on the fly ...
mysql> select @@@version;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use near '@version' at
line 1
mysql> SET lc_messages = 'pt_BR';
Query OK, 0 rows affected (0.00 sec)
mysql> select @@@version;
ERROR 1064 (42000): Você tem um erro de sintaxe no seu SQL próximo a '@version' na
linha 1
mysql>
33. Not easy fix, just talking about MySQL
By default, mysqld produces error messages in English, but they can also be displayed in any of several other languages: Czech, Danish, Dutch, Estonian, French, German, Greek, Hungarian, Italian, Japanese, Korean, Norwegian, Norwegian-ny, Polish, Portuguese, Romanian, Russian, Slovak, Spanish, or Swedish.
20 languages
35. Work more with code errors (when available)
mysql> select @@@version;
ERROR 1064 (42000): Você tem um erro de sintaxe no seu SQL próximo
a '@version' na linha 1
mysql> select @@@version;
ERROR 1064 (42000): You have an error in your SQL syntax; check the
manual that corresponds to your MySQL server version for the right syntax
to use near '@version' at line 1
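The point of slides 17 and 35, as an added example that is not part of the original slides: a detection rule keyed on the English error text misses the same error once `lc_messages` is changed, while a rule keyed on the numeric error code and SQLSTATE matches both. The two error lines are the ones shown on the slides; the rule names, the watch list and the benign line are assumptions made for illustration.

```python
import re

# English-only text signature, the kind of rule the slides show failing
# (assumed rule, for illustration).
ENGLISH_SIGNATURE = re.compile(r"You have an error in your SQL syntax", re.I)

# Locale-independent prefix of the mysql client error line:
#   ERROR <errno> (<SQLSTATE>): <localized message>
ERROR_CODE = re.compile(r"\bERROR (\d+) \(([0-9A-Z]{5})\)")

# Error numbers worth alerting on (hypothetical watch list).
# 1064 is ER_PARSE_ERROR, the syntax error seen on the slides.
WATCHED_ERRNO = {1064}


def match_by_text(line):
    """True if the line carries the English syntax-error phrase."""
    return bool(ENGLISH_SIGNATURE.search(line))


def match_by_code(line):
    """Return (errno, sqlstate) if the line carries a watched code, else None."""
    m = ERROR_CODE.search(line)
    if m and int(m.group(1)) in WATCHED_ERRNO:
        return int(m.group(1)), m.group(2)
    return None


# Error lines from slides 17/35, plus one benign line (constructed sample set).
SAMPLES = {
    "en": "ERROR 1064 (42000): You have an error in your SQL syntax; check the "
          "manual that corresponds to your MySQL server version for the right "
          "syntax to use near '@version' at line 1",
    "pt_BR": "ERROR 1064 (42000): Você tem um erro de sintaxe no seu SQL "
             "próximo a '@version' na linha 1",
    "benign": "Query OK, 0 rows affected (0.00 sec)",
}


def compare(samples):
    """Run both rules over every sample and collect the verdicts."""
    return {
        name: {"text": match_by_text(line), "code": match_by_code(line)}
        for name, line in samples.items()
    }


if __name__ == "__main__":
    for name, verdict in compare(SAMPLES).items():
        print(f"{name:7} text-rule={verdict['text']!s:5} code-rule={verdict['code']}")
```

This only helps where the monitored output actually includes the error code, which is the "(when available)" caveat in the slide title.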