Alex Beutel's Blog

SQL Injection at Duke TechExpo 2009

October 12th, 2009 · No Comments

I gave my first public talk today at Duke’s TechExpo 2009. I, along with my coworker Artem Kazantsev, discussed the risks of SQL injection. The presentation gives a good overview of the capabilities of SQL injection along with how to prevent such vulnerabilities. I also gave a demo of performing a SQL injection attack on a vulnerable site during the talk. For any web programmers who aren’t familiar with SQL injection, take a look at the code for the demo to see exactly how and why it is vulnerable, along with how to fix these vulnerabilities.

SQL Injection Presentation

SQL Injection Demo

Additionally, earlier in the year I worked with Duke’s ITSO to write up examples of good coding practices to protect against a variety of web application security issues. This reference is linked on Duke ITSO’s site here: http://www.security.duke.edu/ITSO_Web_Application_Security_Standard_v1.pdf

Tags: Duke · PHP · Web Development
