Matt Fisher - Everything About SQL Injection (Video)

This presentation gives a short overview of the challenges of web application security and of managing web application security, then dives into what is probably the most dangerous web app exploit of all: SQL Injection. Learn the basics of SQL Injection in a clearly articulated format and advanced techniques for hairy situations, then move on to Blind SQL Injection and more advanced exploits. Many people know the basics of SQL Injection, but they don't necessarily understand all its nuances, and few even understand the real fix for it (hint: it's not input validation, nor is it even stored procedures).

Matt Fisher is a Senior Security Engineer for SPI Dynamics, the leader in web application assessment software. He has compromised multiple web applications including National Security Information Systems, multi-billion dollar extranets, and more (legally folks, legally). He frequently consults to the military, Federal government, and various law enforcement agencies, is a registered subject matter expert for DISA, and has trained staff at several scary agencies. Not just a Hollywood hacker, he performs primary research in his copious spare time and can claim several new exploit and assessment techniques as his own.

