[June 13] Porting Enterprise to OpenID Connect :: Shell Access via SQL Injection

What we'll do

The Melbourne Identity and Security Meetup is an informal evening open to all. We start with food, drink, and mingling, followed by two talks. The evening ends with a networking session at a local venue.

Please arrive at about 6.00pm for a 6.30pm start.

We value diversity and operate a strict code of conduct, for the comfort of all our members.

## Taking your auth to 2019: Porting enterprise systems to use OpenID Connect - Rachel Howard

We recently uplifted a major organisation's authentication and authorisation into the modern era with Oauth2 and OpenID Connect. Come along and learn from our mistakes and successes in modernising auth infrastructure while maintaining full backward compatibility.

Rachel is a full-stack software developer at the consulting company Shine Solutions. Currently working on-site at a major Australian energy retailer, she has spent a lot of her time there working on authentication and authorisation systems and learned a lot of lessons about developing auth solutions at the enterprise level.

## How To Gain Shell Access by Exploiting an SQL Injection Vulnerability - Damien Buttler

Demonstrating the most common web vulnerability, Damien will guide you through the process of exploiting bad code that is allowing an SQL injection attack to log you in as another user without knowing their password as well as install a backdoor and obtain shell access to the server.

Damien Buttler is a software developer with an interest in security and loves to tinker with things.

## Sponsors

This meetup is supported and catered by Auth0 (https://auth0.com) and the venue is provided by Shine Solutions (https://shinesolutions.com/).