On Thursday, December 14, at 3 PM Eastern, I will be giving a presentation on SQL injection. Registration is required but otherwise the webinar is free:
This is put on by the MSSQLTips folks and we hope you’ll find it informative. If there’s anything specific you’d like me to cover, please comment on this post and I will see if I can work it in.
Here is the abstract:
While we might wish SQL injection was no longer a problem in our industry, multiple large breaches in 2017 alone reveals that it still is a problem. The largest among them was the Equifax breach, for which security researchers found a number of vulnerabilities in public facing web sites, which included sites vulnerable to SQL injection attacks.
In this webinar we’ll look at how a SQL injection attack works, what an attacker can gain using a SQL injection attack, and how we might prevent such an attack.
We’ll also look beyond Microsoft SQL Server, since the best layer for an attack is any layer that processes the input.