This presentation will introduce SQL injection to the new web application hacker. It will walk you through web architectures and vulnerable code examples. You will learn how to set up a penetration testing lab with vulnerable applications, find SQL injection vulnerabilities, and hack them to bits. After you understand the problem, you'll learn how to prevent them in the first place along with how to defend against SQL injection attacks.

Jason is the senior security engineer for a global non-profit. With a security team of 2 and a product portfolio of over 50 software applications, he has his hands full working with developers to design secure applications, conducting web application penetration tests, and performing incident response when it hits the fan.

Big thanks to Damian Profancik for recording these.

Back to Derbycon 2012 video list