Presentation Title: SQL Injection in APEX - More Attacks (& Defences)
Speaker: Mr Tim Austwick
Company: Recx
Co-presenter: Nathan Catlow - Recx
Presentation abstract: Security threats to web applications are ever present and increasingly exploited using automated tools. Our experience with security testing APEX applications shows that in many cases exploitable SQL Injection conditions arose due to insecure code patterns. The impact of simple coding errors can be substantial, and allow an attacker to take control of the APEX instance and access sensitive data in the database. We will explain how simple code changes can fully protect against SQL Injection.

Presentation begins: 10/12/2014 10:00
Presentation duration: 50
Presentation content level: 2 (1 = in-depth, 5 = strategic overview)
Audience experience: All Experience Levels
Audience function: Product Expert, Product User
Speaker biography: Tim has worked in both IT Security research and consulting roles for government departments and commercial organizations within the UK. He has identified vulnerabilities in a wide range of commercial software and developed exploitation toolsets.
Related topics: Development: APEX, Development: Database
Hall: 6
