Detecting SQL Injection and Truncation Attacks Against DB2 (D10)

Topic: DB2 for LUW

Subtopic: 2009



DATE: 2009-10-7 (09:45 - 10:45)
SPEAKERS: Robert Williams (MHC, Inc.)

SQL injection and truncation, where SQL is changed such that queries or their results are compromised, are a major security problem. While this problem has existed since SQL was invented, hackers continue to find exploits in new applications. This presentation will introduce techniques and new free, open source tools for detecting SQL injection and truncation attacks against DB2 applications. It will walk through how these attacks are done, how to code to protect against them, and how these new tools work. Attendees will also be shown how to contribute to the project to enhance the security of applications using DB2.

EXP. LEVEL: Beginner, Intermediate, Advanced

OBJECTIVES:

Understanding the most commonly introduced application developer security issues for DB2

How to protect against injections and truncation attacks

How to use the new tools

Automated static analysis of stored procedures and adding your own rules

Future plans and improvements in the project


