Columbus

Local News
– REMINDER – Next chapter meeting - 7/7/2008; details below We are still seeking one or two more board members and to get the local community involved by publicizing the chapter. We are currently planning activities for the remainder of 2008; at least one chapter meeting per quarter - more if interest warrants.

To submit educational topics for upcoming meetings, please submit your powerpoint using the OWASP Template and include a speaker BIO. Any inquiries regarding chapter or meeting sponsors can be directed to [mailto:owasp(at)hayesdf.com Chris Hayes]. Please begin the subject header with: [OWASP COLUMBUS].

Thank you!

July 2008 Meeting
When: July 7th, 2008, 11:00 AM - 1:00 PM, Doors open at 10:30 AM; ** Refreshments Provided **

Where: Heritage Room, One Nationwide Plaza, Columbus, OH 43215

Parking: Recommend parking the Front St. Garage; take Skywalk from the garage over to the Nationwide Plazas. Signs will be posted.

General Session Topic: A2 - Injection Flaws - SQL Injection

Who: Chris Hayes & Greg Green (Nationwide - OWASP Columbus, OH - Chapter Leaders)

Chris and Greg will be collaborating to present an in-depth presentation on SQL injection. Per OWASP: "Injection flaws, particularly SQL injection, are common in web applications. Injection occurs when user-supplied data is sent to an interpreter as part of a command or query. The attacker's hostile data tricks the interpreter into executing unintended commands or changing data."

The presentation will consist of:

1. A brief overview of injection flaws. 2. Different types of SQL injection. 3. Common methods / technologies to prevent SQL injection 4. Examples of input validation at the following tiers (http://en.wikipedia.org/wiki/N-tier): a. Client side b. Presentation tier c. Application tier d. Data tier 5. Q&A / General Discussion