I gave my first public talk today at Duke’s TechExpo 2009. I, along with my coworker Artem Kazantsev, discussed the risks of SQL Injection. The presentation gives a good overview of the capabilities of SQL injection along with how to prevent such vulnerabilities. I also gave a demo of performing a SQL injection attack on a vulnerable site during the talk. For any web programmers who aren’t familiar with SQL injection, take a look at the code for the demo to see exactly how and why it is vulnerable, along with how to fix these vulnerabilities.
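For readers who cannot get at the demo code, here is an added, self-contained illustration of the same point (it is not the talk's demo code and not Duke's code). It uses Python's built-in sqlite3 module with a constructed two-row `users` table: `login_vulnerable` splices user input into the SQL text, while `login_safe` uses the driver's `?` placeholders, so the exact same input is treated as a literal value rather than as SQL syntax. The function and table names are the example's own.

```python
import sqlite3

# Constructed sample data for the example; not the talk's database.
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Build an in-memory SQLite database with a tiny users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable pattern: user-supplied strings become part of the SQL text.

    A quote character in either input ends the string literal early and the
    remainder of the input is parsed as SQL, so the WHERE clause the developer
    wrote is no longer the WHERE clause the database executes.
    """
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Fixed pattern: parameterized query.

    The SQL text is a fixed template; the values travel to the engine
    separately and are never parsed as SQL, whatever characters they contain.
    """
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def demo():
    """Run both versions on a legitimate login and on a quote-bearing input."""
    conn = make_db()
    # Constructed input containing a quote, the character that breaks the
    # string concatenation in login_vulnerable.
    quoted_input = "' OR '1'='1"
    return {
        "legit_vuln": login_vulnerable(conn, "alice", "s3cret"),
        "legit_safe": login_safe(conn, "alice", "s3cret"),
        # Vulnerable version: the WHERE clause now matches every row.
        "quoted_vuln": login_vulnerable(conn, "nobody", quoted_input),
        # Safe version: the quote is just data, and no such user exists.
        "quoted_safe": login_safe(conn, "nobody", quoted_input),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The takeaway for defenders is that escaping or filtering quotes is the wrong layer to fix this at; the fix is to stop building SQL out of strings and let the driver bind parameters, which is what `login_safe` does. The same holds for prepared statements in any other database library.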
Additionally, earlier in the year I worked with Duke’s ITSO to write up examples of good coding practices to protect against a variety of web application security issues. This reference is linked on Duke ITSO’s site here: http://www.security.duke.edu/ITSO_Web_Application_Security_Standard_v1.pdf