Detecting SQL Injection and Truncation Attacks Against DB2 (D10)

Topic: 2009 EU

Subtopic: DB2 for LUW



DATE: 2009-10-7 (09:45 - 10:45)
SPEAKERS: Robert Williams (MHC, Inc.)

SQL injection and truncation, in which SQL is changed such that results or queries are compromised, cause a large security problem. While this problem has existed since SQL was invented, hackers continue to find exploits in new applications. This presentation will introduce techniques and new free, open source tools for detecting SQL injection and truncation attacks against DB2 applications. It will walk through how these attacks are carried out, how to code to protect against them, and how these new tools work. Attendees will also be shown how to contribute to the project to enhance the security of applications using DB2.

EXP. LEVEL: Beginner, Intermediate, Advanced

OBJECTIVES:

Understanding the most commonly introduced application developer security issues for DB2

How to protect against injections and truncation attacks

How to use the new tools

Automated static analysis of stored procedures and adding your own rules

Future plans and improvements in the project



This file is being provided by IDUG.
