SQL Injection Attacks (and how to prevent them)
With recent reports of a man convicted of stealing the details of 130 million credit cards by use of SQL Injection Attacks, isn't it time to find out how to defend your systems against them? In this talk Colin Mackay will show you what SQL Injection Attacks are, what they look like, how they work and, most importantly, how to harden your application and database security in order to defend your systems against them.
Although the technologies used in this talk are SQL Server and the .NET Framework, the general ideas presented apply to any database that uses SQL as a query language, and to any framework that may interact with that database.
This talk is pitched at an introductory level although some knowledge of SQL is assumed.
Colin Angus Mackay is a software developer specialising in Microsoft technologies located in Glasgow, Scotland. He is a Member of the British Computer Society, a Microsoft MVP (C#) for three years running, a Microsoft Certified Solutions Developer, the Chairman of Scottish Developers, Code Project MVP for five years running, and has organised two DDD Scotland events (with a third in the making). When not involved in software-related pursuits, he is an amateur photographer (which generally involves wondering why his camera's autofocus mechanism chooses the potted plant off to the side rather than the main subject).