The Old Dog of Data Security — SQL Injection - Daniel Hutmacher
Details
This is an in-person only event.
Welcome to Stockholm SQL's first meetup. We're gathering at B3's beautiful offices on Wallingatan 2 in Stockholm. A big thank you to B3 DBAce for hosting our inaugural event — it's greatly appreciated.
Tonight's speaker is Daniel Hutmacher from Structured Concepts in Stockholm.
The old dog of data security - SQL Injection
IT vulnerabilities leading to data breaches have been getting a lot of attention in the news, ranging from elaborate supply-chain attacks to ransomware. You may even have read about things like advanced cryptographic timing attacks or buffer overruns. But there’s one vulnerability as old as SQL itself, and it still reigns supreme when it comes to compromising your confidential information:
The SQL Injection.
This is not just about your homepage. SQL injections can be found everywhere, including your ETL frameworks, your desktop apps, even your login prompts.
I’ll show you a wide range of code patterns that bad actors can exploit, from the obvious to the obscure, but we’ll also look at ways to prevent or mitigate the effects of SQL injection attacks.
In this presentation, you will gain a firm understanding of
* the primary and secondary risk factors involved in SQL injection,
* what to look for — in your code as well as in the database itself,
* ways to detect SQL injections, and
* how to plug those vulnerabilities — whether you can change code or not.