A few weeks ago, Bill Karwin gave a must-watch webinar on preventing SQL injection, titled “SQL Injection Myths and Fallacies”.
Bill Karwin (twitter, new blog, old blog, Amazon) is well known for his work in the SQL database community, including on InterBase/Firebird, MySQL, Oracle and more.
He also:
- was product manager of InterBase (its screaming-fast multi-generational architecture, invented in the 1980s by Jim Starkey and based on keeping old record versions immutable instead of overwriting them, is the approach now far more widespread under the name MultiVersion Concurrency Control, and it still baffles many people)
- worked on Firebird
- is the author of the book SQL Antipatterns: Avoiding the Pitfalls of Database Programming (The Pragmatic Bookshelf), available on Amazon.
- is the author of IBPerl
- is a frequent answerer on many SQL-related forums and Q&A sites, for instance Bill on Stack Overflow
Anyway, his webinar is awesome. Be sure to get the slides, watch the replay, and read the follow-up to the questions.
Watching it will give you a better understanding of how to defend against SQL injection.
A few very valuable points he made: