IT vulnerabilities leading to data breaches have been getting a lot of attention in the news, ranging from elaborate supply-chain attacks to ransomware. You may even have read about things like advanced cryptographic timing attacks or buffer overruns. But there’s one vulnerability as old as SQL itself, and it still reigns supreme when it comes to compromising your confidential information:

The SQL Injection.

This is not just about your homepage. SQL injections can be found everywhere, including your ETL frameworks, your desktop apps, even your login prompts.

I’ll show you a wide range of code patterns that bad actors can exploit, from the obvious to the obscure, but we’ll also look at ways to prevent or mitigate the effects of SQL injection attacks.

In this presentation, you will gain a firm understanding of

* the primary and secondary risk factors involved in SQL injection,
* what to look for — in your code as well as in the database itself,
* ways to detect SQL injections, and
* how to plug those vulnerabilities — whether you can change code or not.