addressalign-toparrow-leftarrow-rightbackbellblockcalendarcameraccwchatcheckchevron-downchevron-leftchevron-rightchevron-small-downchevron-small-leftchevron-small-rightchevron-small-upchevron-upcircle-with-checkcircle-with-crosscircle-with-pluscrosseditemptyheartexportfacebookfolderfullheartglobegmailgoogleimageimagesinstagramlinklocation-pinmagnifying-glassmailminusmoremuplabelShape 3 + Rectangle 1outlookpersonplusprice-ribbonImported LayersImported LayersImported Layersshieldstartickettrashtriangle-downtriangle-uptwitteruseryahoo

SQL Injection Myths & Fallacies: Best practices of defense

SQL Injection Myths & Fallacies: Best practices of defense against top web security issue.

The most massive crime of identity theft in history was perpetrated in 2007 by exploiting an SQL Injection vulnerability. This issue is one of the most common and most serious threats to web application security. In this presentation, you'll see some common myths busted and you'll get a better understanding of defending against SQL injection.

Bill Karwin
Bill Karwin (twitter / blog), author of SQL Antipatterns, has been a software engineer for over twenty years, developing and supporting applications, libraries, and servers such as Zend Framework for PHP 5, the InterBase relational database, and the Enhydra Java application server. Throughout his career, Bill has shared his knowledge to help other programmers achieve success and productivity. Bill has answered thousands of questions, giving him a unique perspective on SQL mistakes that most commonly cause problems.

6:30 - 7:00 -- Doors open/general socializing & food provided by Percona
7:00 - 7:15 -- Intro/announcements
7:15 - 8:00(ish) -- Main presentation by Bill Karwin
8:00 - 9:00 -- Main presentation Q&A
9:00 - 10:00 -- General discussion/Q&A/networking/etc.
10:00ish -- post-event socializing... aka beers someplace nearby

Join or login to comment.

  • Mike T.

    The edited version of this event's video can be found at:

    Thanks to Max Walker & Marakana!

    December 8, 2010

  • Bill K.

    I found the quotation I tried to remember during the presentation: "Security, like correctness, is not an add-on feature." - Andrew S. Tanenbaum

    November 19, 2010

  • A former member
    A former member

    Fantastic presentation.

    November 12, 2010

  • David S.

    I enjoyed the talk, the technical information was presented well. I really appreciated the perspective he brought to this issue - that it was specifically the responsibility of developers to expect and mitigate this type of attack.

    November 12, 2010

  • Bill K.

    Very nicely organized and easy to attend. Lots of fine people to meet!

    November 11, 2010

  • Donna B.

    Nicely organized presentation.

    November 11, 2010

  • Barry D.

    It was a good and coverage of the issue, and provoked thinking about how to best protect data efficiently.

    November 11, 2010

  • Paul H.

    A good look at how to defend your website and also how to think about the web business at large and where to place the idea of security in it. Focus on the basics, get fancy slowly.

    November 11, 2010

  • Bill K.

    For folks who want to see my slides, they're online at

    November 10, 2010

  • Bill K.

    My publisher, Pragmatic Bookshelf, offers a 20% off for SF MySQL Meetup members through Nov. 17. Enter the code "20_bksqla_MySQL_SF" when buying my book in hardcopy, ebook, or combo at

    November 10, 2010

  • Alex N.

    Thanks for the heads up about this, Mike!

    November 3, 2010

42 went

Our Sponsors

People in this
Meetup are also in:

Sign up

Meetup members, Log in

By clicking "Sign up" or "Sign up using Facebook", you confirm that you accept our Terms of Service & Privacy Policy