Dirty Data: A Hands on Look at SQL Security Threats by Kelly Fitzgerald

  • March 14, 2011 · 7:00 PM


Kelly Fitzgerald

Website: Owasp.org



SQL Injection is public enemy number one when it comes to maintaining the security of your data. It is widely considered to be the most prevalent web application threat because it requires no special tools for the attacker, and the requests sent to enterprise databases can look completely normal. The rewards for the attacker are also high: unauthorized access to a company’s internal databases, listings of usernames and passwords, credit card information and social security numbers.

Sound scary? It is. The good news is that the more you know about how SQL Injection works, the more power you will have to protect your company’s data as well as your customer and employee base. This talk will let you really see how SQL Injection works, give you professional knowledge on what to look for and arm you with a mind-twisting way to look at SQL. You will see real-world examples and demos using WebGoat, and gain tangible skills to take to work tomorrow.


Kelly FitzGerald is a Senior Vulnerability Analyst on the Symantec Product Security Team under the office of the CTO. Kelly joined Symantec in 2003 and has held positions as QA Engineer, QA Lead and QA Supervisor in both the Consumer and Enterprise organizations.

In her time with Symantec on the Symantec Security Information Manager (SSIM) Project, she worked closely with the Deepsight Threat Team and the NOC (Network Operations Center) to analyze and test the SSIM Correlation Engine for accurate content and behavior. In her time in the Partner Services team in the Consumer Organization, Kelly supervised the global ISP team located in the U.S. and Chennai to build partner-customized versions of various Norton solutions.

Prior to her arrival at Symantec, Kelly held a sought-after internship as a Computer Forensic Analyst at EvidentData. In this role, she used chain-of-custody rules to examine and analyze evidence for federal, corporate and individual litigations. In the internship prior to EvidentData, she worked at the NASA Ames Research Center as a counselor for U.S. Space Camp in California. Kelly holds a bachelor’s degree in Computer Science from California State University, San Bernardino. She was the recipient of a full academic scholarship from the National Science Foundation for her work in looking at the coupling and cohesion in object-oriented programs.

Admission is free


NoodleYard (a Coloft project):

Our friends at Coloft have launched a new job engine called NoodleYard. This is the hot new place to find local jobs and local talent. Check it out!


Several copies of Norton Products


Tweet or Share on Facebook a big thank you to our sponsors, @NoodleYard & Symantec. Our group hashtag is #LAMySQL.



Free & plentiful street parking.


If you'd like to carpool, please post your location in the carpool thread.
It's always a shame when we hear that someone wanted to attend but couldn't because of the distance.




35 went
