01.21
In light of some recent events, such as the man who was convicted of stealing
130 million credit card details through a SQL Injection attack, it is
imperative that developers understand what a SQL Injection Attack is, how they
are carried out, and most importantly, how to defend your code against
attack.
In this talk Colin Mackay will demonstrate a SQL Injection Attack on an
application in a controlled environment*. He’ll show you where the vulnerable
code lies and what you can do to harden it.
Although this talk uses C# as the application language and Microsoft SQL
Server 2008 as the database engine many of the concepts and prevention
mechanisms will apply to any application that accesses a database through
SQL.
Speaker
Colin Angus Mackay is a Software Developer from Edinburgh, now living in Glasgow. He is a Microsoft MVP (C#), and has keen interests in sticking data on maps. He has worked with Microsoft Visual C++ since about Version 2.1. He has been playing with the .NET Framework and C# since it was in beta but has been using it commercially since late 2002. He originally started programming when he was about 9 years old, on a Sinclair ZX Spectrum with an amazing 48K memory! Naturally he went for a computing degree. After leaving university he co-founded a company that developed a GIS product but he is now working for an digital agency in Glasgow.
Location
Scottish Developers have been kind enough to help organise a venue for use and have arranged for Equator to let us use their board room. Due to size of the room, we have to limit the available spots to 12. The presentation will take place on the 4th February at 7:30pm.
Equator,
Ground Floor,
Moda, 144 Elliot Street
Glasgow, G3 8EX
