I’m giving a talk in Dundee on the topic of SQL Injection Attacks. If you are interested in the subject then the registration link is at the bottom of the page.
Wednesday, 28th October 2009 at 19:00 – 21:00
Queen Margaret Building, Dundee University
In light of some recent events, such as the man who was convicted of stealing 130 million credit card details through a SQL Injection attack, it is imperative that developers understand what a SQL Injection Attack is, how they are carried out, and most importantly, how to defend your code against attack.
In this talk I’ll demonstrate a SQL Injection Attack on an application in a controlled environment*. I’ll show you where the vulnerable code lies and what you can do to harden it.
Although this talk uses C# as the application language and Microsoft SQL Server 2008 as the database engine many of the concepts and prevention mechanisms will apply to any application that accesses a database through SQL.
* Demonstrating an attack on a real system without the owner’s consent is a breach of the 1990 Misuse of Computers Act, hence the controlled environment.
We are meeting in the Queen Mother Building at Dundee University. After the meeting we normally retire to the the bar at Laing’s
18:45 Doors Open
19:10 The Talk (Part 1)
20:05 The Talk (Part 2)
20:45 Feedback & Prizes
21:00 Repair to the Pub
Space is limited, we would therefore ask that you sign up.