The Burton Group Catalyst Europe conference held in Barcelona from Oct 22-25, 2007 was a blast. The conference sessions were informative and very educational as always. You will need to have a Burton Group login to access the conference postings. In addition to the conference, the city of Barcelona is so beautiful, that my family and I throughly enjoyed every minute there.

I presented on Stopping SQL Injection and Crossing over Cross-Site Scripting demonstrating the attacks and discussing the control measures. You can download the presentation by clicking on the link below.

Defenses against SQL Injection and Cross-site Scripting (XSS)

Stopping SQL Injection and Crossing over Cross-site Scripting (XSS) - Catalyst EU Presentation By Mano Paul

Session Abstract -
Two of the most prevalent application attacks in this day and age are SQL Injection and Cross-Site Scripting (XSS). Perimeter defense devices such as intrusion detection systems (IDS) and firewalls offer no protection against such attacks. The risk of sensitive information theft, alteration, insertion of data along with other effects such as URL redirection, website defacement and authentication theft are high and will be demonstrated. This session would demonstrate the effects of SQL Injection and XSS attacks and provide insight into the control measures to successful mitigate the risk against such attacks. It will also provide insight into the different process control measures that are necessary across the systems development life cycle to harden the code from within, so that such susceptibilities are addressed. Session takeaways include a complete understanding of the anatomy of SQL Injection and XSS attack, their effects when exploited and the mitigation control measures to stop SQL Injection and cross over XSS.