Examples
The examples were run against a copy of the Adventure Works database.
- Basic Demo (ASP.NET MVC / C# / Visual Studio 2010)
- Second Order Demo (WinForms / C’# / Visual Studio 2010)
Required Tables
For the Second Order Demo you need the following table added to the Adventure Works database:
CREATE TABLE [dbo].[FavouriteSearch]( [id] [int] IDENTITY(1,1) NOT NULL, [name] [nvarchar](128) NOT NULL, [searchTerm] [nvarchar](1024) NOT NULL ) ON [PRIMARY] GO
Slide Deck
The slide deck is available for download in PDF format.
Further Reading
During the talk I mentioned a lesson from history on why firewalls are not enough.
I also showed XKCD’s famous “Bobby Tables” cartoon, and also a link to further information on dynamic SQL in Stored Procedures.
More information about the badly displayed error messages can be found amongst two blog posts: What not to develop, and a follow up some months later.
I wrote a fuller article on SQL Injection Attacks that you can read here although it is a few years old now, it is still relevant given that SQL Injection Attacks remain at the top of the OWASP list of vulnerabilities.
The Blog of Colin Mackay 