The first point of contact with a target network will predominantly be through the De-Militarized Zone. This whole section is dedicated to the exploits that apply to this part of the Attack Surface. It is sub-sectioned into:

- DNS/Mail/Web/VPN Servers
- Database Mining-SQL Injection

Database Mining is the process of attacking a database server through the front end. In this section, we open up a network through a SQL server web interface running on a web server inside the DMZ.

Laboratory: Students will be thrust into an online banking environment and will successfully exploit the database front-end to bypass authorization, elevate account privileges, transfer money and manipulate cookies by employing an advanced ‘SQL Injection’ technique known as ‘Blind SQL Injection’. Other attack methods will include VPN IPSEC PSK cracking, circumventing DNS, Mail and Web servers using the latest techniques.

Source:
http://www.mile2.com/Certified_Pen_Testing_Expert_CPTE.html

Don