SQL Injection: From the Basics to Botnet-Based Attack Automation
SQL Injection is an enormous emerging data security threat, used to commit wide-scale fraud, steal from bank accounts, capture credit card numbers, distribute malware, and construct botnets. Neil Daswani reviews how SQL Injection works, provides examples of advanced and automated SQL injection attacks, outlines how to properly defend against attacks, and discusses why you must defend against them — even if you don’t store “sensitive” information in your databases.
Presenter: Neil Daswani has held R&D, teaching and managerial roles at Google, Stanford University, DoCoMo USA Labs, Yodlee, and Bellcore (now Telcordia). He is an expert in data security, and the lead author of “Foundations of Security: What Every Programmer Needs to Know.”
Date: Jun 19, 2008
(Free Registration Required)