SQL Injections and You
Learn what SQL Injections are, how to deal with them and how to prevent them.
I recently went to a SQL Injection club meeting to see what the club was about and what they offered. After sitting in there for 20 minutes, I realized this club was very professional-like. Guys with Apple MacBooks, Linux laptops, and some even running dual-boot UNIX/Linux.

I felt left out; running on my Windows Vista, I looked like a complete amateur. The people in the room were almost all hired by small companies to secure their websites and such. I was there to learn...

The presentation was very informative and well written/done. I wanted to share with you PHP followers how much damage can be done with a simple quotation mark. I simply want to share this presentation with you folks :)

In this presentation, Sean Taylor gives a good general overview of SQL Injection, and some good general advice for web application security. Some example code is PHP-centric (because it _is_ PHP! :), but the concepts apply to pretty much any language, framework, or trained monkey that uses data supplied by the user in database queries. The presentation includes several examples of SQL injection in action on test pages that Sean made. The example using SQL injection to find out things about unsalted passwords is also worth a glance for those who aren't sold on using salts in their application.
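
The two points above (user-supplied data placed straight into a query, and unsalted password storage) as an added PHP example that is not taken from Sean Taylor's presentation or from this post. The table, account names and passwords are constructed, and it assumes PHP 8 with the pdo_sqlite extension.

```php
<?php
// Added example with constructed data; uses an in-memory SQLite database via PDO.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, md5_hash TEXT, salted_hash TEXT)');

// Constructed accounts; alice and bob deliberately share a password.
$accounts = ['alice' => 'hunter2', 'bob' => 'hunter2', "O'Brien" => 'correct horse'];
$insert = $db->prepare('INSERT INTO users VALUES (:name, :md5, :salted)');
foreach ($accounts as $name => $password) {
    $insert->execute([
        ':name'   => $name,
        ':md5'    => md5($password),                             // weak: unsalted and fast
        ':salted' => password_hash($password, PASSWORD_DEFAULT), // random salt per account
    ]);
}

// Weak: the input becomes part of the SQL text, so a quotation mark
// inside it is parsed as SQL syntax instead of as data.
function find_user_concat(PDO $db, string $name): string {
    try {
        $rows = $db->query("SELECT name FROM users WHERE name = '$name'")->fetchAll();
        return count($rows) . ' row(s)';
    } catch (PDOException $e) {
        return 'query broke: ' . $e->getMessage();
    }
}

// Hardened: the placeholder sends the input separately from the SQL text.
function find_user_prepared(PDO $db, string $name): string {
    $stmt = $db->prepare('SELECT name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return count($stmt->fetchAll()) . ' row(s)';
}

foreach (['alice', "O'Brien"] as $input) {
    printf("%-8s concat: %s | prepared: %s\n", $input,
        find_user_concat($db, $input), find_user_prepared($db, $input));
}

// Compare what the table stores for two accounts that share a password.
function stored_hashes(PDO $db, string $name): array {
    $stmt = $db->prepare('SELECT md5_hash, salted_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}
$a = stored_hashes($db, 'alice');
$b = stored_hashes($db, 'bob');
echo 'unsalted hashes match: ', var_export($a['md5_hash'] === $b['md5_hash'], true), "\n";
echo 'salted hashes match:   ', var_export($a['salted_hash'] === $b['salted_hash'], true), "\n";
echo 'salted hash verifies:  ', var_export(password_verify('hunter2', $b['salted_hash']), true), "\n";
```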


Download the .ppt file of this presentation
Learn more about SQL injection on Wikipedia
Watch a presentation on SQL injection from ToorCon 2006
Download a .pdf whitepaper about PHP security

Source (Cal Poly Pomona Computer Science Department)
Comments
All Your Base Are Belong To Us... | Y2M
Posted 1 year ago
The like variable is an extreme cause for concern in SQL databases. I have often used that as my entry point into htaccess files and control of the open/closed/secured ports.
I know security, inside and out. | Y2M
Posted 1 year ago
What am I supposed to do now? :D
Ripe expires in a week! Oh noes! | Y2M
Posted 1 year ago
I know how to prevent injections. It's not that hard in PHP.