Keeping It Simple

Speaking on SQL Injection at MySQL Conference

O'Reilly MySQL Conference & Expo 2010

I’m speaking this year at the MySQL Conference & Expo 2010 in Santa Clara. Be sure to get your early registration discount by Feb 22! If you miss that deadline, get 25% off with this discount code: mys10fsp

I’m presenting a talk on SQL Injection Myths and Fallacies. This may seem like a topic that’s been done to death, but it’s important for all developers to understand it. This reminds me of a story:

My mother volunteers with the League of Women Voters. One of their activities is helping college students register to vote. So every year they set up a table on campus and help young people fill out the forms.

One day one of the women expressed frustration: “We’ve been doing this for ten years! When are these students going to learn how to register to vote for themselves?!”

The rest of the group looked at her blankly. Finally someone said calmly, “You realize that every year a new class of students becomes eligible to vote, right?

The woman who complained felt suitably embarrassed.

I’m going to cover the basics about SQL Injection, but I’ll also show how much of the advice about SQL Injection (even advice from noted security experts) misses the whole picture. I’ll also give some new techniques for remedies, that I seldom see in books or blogs. Come on by!

Posted

in

, ,

by

Bill Karwin

Tags:

Comments

4 responses to “Speaking on SQL Injection at MySQL Conference”

  1. Gareth Bowles Avatar
    Gareth Bowles

    I'd love to see this, but these conferences are so flippin' expensive that I just can't justify it. Do you think your presentation will be available online at some point ?

    Reply
  2. Bill Karwin Avatar
    Bill Karwin

    I post my slides online at http://slideshare.net/billkarwin after the conference. But I don't think the MySQL Conference videotapes all the sessions (just the keynotes).

    But Gareth — don't you work just down the road from my house? I need to practice my presentation anyway, and it's better with an audience! I could also do a brown-bag for your team.

    Reply
  3. Gareth Bowles Avatar
    Gareth Bowles

    That might be fun, Bill ! My team is down to me, Simon and Wayne now, but I'll see if they're as interested as I am and we'll buy you lunch for practicing on us.

    Reply
  4. akmal niazi khan Avatar
    akmal niazi khan

    This blog awesome and i learn a lot about programming from here.The best thing about this blog is that you doing from beginning to experts level.

    Love from

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.