30th September - 2nd October 2010

University of York


SQL Injection Attacks (and how to prevent them)

With recent reports of a man convicted of stealing the details of 130 million credit cards by use of SQL Injection Attacks, isn't it time to find out how to defend your systems against them? In this talk Colin Mackay will show you what SQL Injection Attacks are, what they look like, how they work and, most importantly, how to harden your application and database security in order to defend your systems against them.

Although the technologies used in this talk are SQL Server and the .NET Framework, the general ideas presented apply to any database that uses SQL as a query language, and to any framework that may interact with that database.

This talk is pitched at an introductory level although some knowledge of SQL is assumed.

Speaker focus

Colin Angus Mackay

Colin Angus Mackay is a software developer located in Glasgow, Scotland, specialising in Microsoft technologies. He is a Member of the British Computer Society, a Microsoft MVP (C#) for three years running, a Microsoft Certified Solutions Developer, the Chairman of Scottish Developers, Code Project MVP for five years running, and has organised two DDD Scotland events (with a third in the making). While not involved in software-related pursuits he is an amateur photographer (which generally involves wondering why his camera's autofocus mechanism chooses the potted plant off to the side rather than the main subject).

Colin Angus Mackay's blog: http://blog.colinmackay.net


