[TriPython] TriPython February 2020 Meeting: Protect python applications from SQL injections

Calloway, Chris cbc at unc.edu
Mon Feb 24 09:41:50 EST 2020


This month's featured speaker is Thursday in Raleigh at WebAssign/Cengage on the NCSU Centennial Campus.

https://www.meetup.com/tripython/events/268296070/

When: Thursday, February 27, 7pm

Where: WebAssign/Cengage, Centennial Campus, 1791 Varsity Dr., Suite 200, Raleigh

What: SQL Injection is illustrated here: https://xkcd.com/327/. Your Python code can be vulnerable to SQL injections! In this talk I will show a real example where a simple Python REST API can be vulnerable to injection and full database leak. I will do a demo where we will use the sqlmap program to successfully exploit the purposely created vulnerable Python app. Finally, we will talk about what we can do to protect against SQL injections.

Our speaker, Alexander Rubin, currently works as a director of data architecture for VirtualHealth (medical startup). Alexander has worked with MySQL since 2000 as DBA and Application Developer. Alexander has worked as a MySQL principal consultant/architect for over 12 years, starting with MySQL AB in 2006 (company behind MySQL database), Sun Microsystems, Oracle, and then Percona. He helped many customers design large, scalable and highly available MySQL systems, optimize MySQL performance and improve MySQL security.

Extemporaneous "lightning talks" of 5-10 minute duration are also welcome and don't need to be pre-announced. Plenty of free after-hours parking is available in the upper level of the deck behind WebAssign (turn through the median just before the intersection of Varsity and Main Campus Drives). If the door is locked, call the number posted on the door. An after-meeting location for food and beverage will be decided at the meeting (usually BaDa Wings at Mission Valley). Come join us for a fun and informative evening.

--
Sincerely,

Chris Calloway
Applications Analyst
University of North Carolina
Renaissance Computing Institute
(919) 599-3530
