Colin Angus Mackay is a Software Developer from Edinburgh, now living in Glasgow. He was a Microsoft MVP (C#) for 4 years. He has worked with Microsoft Visual C++ since about Version 2.1. He has been playing with the .NET Framework and C# since it was in beta but has been using it commercially since late 2002. He originally started programming when he was about 9 years old, on a Sinclair ZX Spectrum with an amazing 48K memory! Naturally he went for a computing degree. After leaving university he co-founded a company that developed a GIS product, but he now develops software for the bridal- and formal-wear industry.
In light of some recent events, such as the man who was convicted of stealing 130 million credit card details through a SQL Injection attack, it is imperative that developers understand what a SQL Injection Attack is, how it is carried out, and, most importantly, how to defend their code against attack.
In this talk Colin Mackay will demonstrate a SQL Injection Attack on an application in a controlled environment. He’ll show you where the vulnerable code lies and what you can do to harden it.
Although this talk uses C# as the application language and Microsoft SQL Server 2008 as the database engine, many of the concepts and prevention mechanisms will apply to any application that accesses a database through SQL.