SQL injection attacks and tips on how to prevent them
Wednesday, October 28, 2009 from 7:00 PM to 9:00 PM (GMT)
Dundee, United Kingdom
In light of some recent events, such as the man who was convicted of stealing 130 million credit card details through a SQL Injection attack, it is imperative that developers understand what a SQL Injection Attack is, how they are carried out, and most importantly, how to defend your code against attack.
In this talk Colin Mackay will demonstrate a SQL Injection Attack on an application in a controlled environment*. He’ll show you where the vulnerable code lies and what you can do to harden it.
Although this talk uses C# as the application language and Microsoft SQL Server 2008 as the database engine many of the concepts and prevention mechanisms will apply to any application that accesses a database through SQL.
* Demonstrating an attack on a system without the owner’s consent is a breach of the 1990 Misuse of Computers Act, hence the controlled environment.
Colin Angus Mackay is a Software Developer living in Glasgow. He has been programming since the age of 9 starting with a Sinclair ZX Spectrum. He became a professional software developer in 1994, using a Smalltalk based language called Magik. In 1996 he started using C++ commercially and in 2002 migrated to the emerging language of C#.
Colin has received a number of awards including Code Project MVP (for 5 years) and Microsoft MVP (for 3 years). He is a member of the British Computer Society and a Member of the Institution of Analysts and Programmers. He is currently the chairman of Scottish Developers and has organised the last two Developer Day Scotland conferences (with a third in the works).
You can find out more on his blog at: http://blog.colinmackay.net
We are meeting in the Queen Mother Building at Dundee University. After the meeting we normally retire to the the bar at Laing's
18:45 Doors Open
19:10 The Talk (Part 1)
20:05 The Talk (Part 2)
20:45 Feedback & Prizes
21:00 Repair to the Pub