Dirty Data: A Hands-On Look at SQL Security Threats
SQL Injection is public enemy number one when it comes to keeping your data secure. It is widely considered to be the most prevalent web application threat because it requires no special tools for the attacker and the requests sent to enterprise databases can look completely normal. The rewards for the attacker are also high: unauthorized access to a company’s internal databases, listings of usernames and passwords, credit card information and social security numbers.
Sound scary? It is. The good news is that the more you know about how SQL Injection works, the more power you will have to protect your company’s data as well as your customer and employee base. This talk will let you really see how SQL Injection works, give you professional knowledge on what to look for and arm you with a mind-twisting way to look at SQL. You will see real-world examples and demos using WebGoat, and gain tangible skills to take to work tomorrow.
Kelly FitzGerald is a Senior Vulnerability Analyst on the Symantec Product Security Team under the office of the CTO. Kelly joined Symantec in 2003 and has held positions as QA Engineer, QA Lead and QA Supervisor in both the Consumer and Enterprise organizations.
In her time with Symantec on the Symantec Security Information Manager (SSIM) Project she worked closely with the Deepsight Threat Team and the NOC (Network Operations Center) to analyze and test the SSIM Correlation Engine for accurate content and behavior. In her time in the Partner Services team in the Consumer Organization, Kelly supervised the global ISP team located in the U.S. and Chennai to build partner-customized versions of various Norton solutions.
Prior to her arrival at Symantec, Kelly held a sought-after internship as a Computer Forensic Analyst at EvidentData. In this role, she used chain-of-custody rules to examine and analyze evidence for federal, corporate and individual litigation. In the internship prior to EvidentData she worked at the NASA Ames Research Center as a counselor for U.S. Space Camp in California. Kelly holds a bachelor’s degree in Computer Science from California State University, San Bernardino. She was the recipient of a full academic scholarship from the National Science Foundation for her work in looking at the coupling and cohesion in object-oriented programs.
Admission is free
NoodleYard (a Coloft project):
Our friends at Coloft have launched a new job engine called NoodleYard. This is the hot new place to find local jobs and local talent. Check it out!
Several copies of Norton Products
HOW TO ENTER THE RAFFLE
Tweet or Share on Facebook a big thank you to our sponsors, @NoodleYard & Symantec. Our group hashtag is #LAMySQL.
Free & plentiful street parking.
GIVE A RIDE, GET A RIDE
If you'd like to carpool, please post your location in the carpool thread.
It's always a shame when we hear that someone wanted to attend but couldn't because of the distance.