gnu-misc-discuss
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NYC LOCAL: Thursday 16 June 2011 UNIGROUP: Anthony Ferrara on Preventing


From: secretary
Subject: NYC LOCAL: Thursday 16 June 2011 UNIGROUP: Anthony Ferrara on Preventing SQL Injection Attacks with MySQL
Date: Wed, 28 Mar 2012 19:06:15 -0000

<blockquote
  what="official UNIGROUP announcement"
  rsvp="registration requested, see below"
  entrance-fee="yes, see http://www.unigroup.org/unigroup-fees.html";
  location="The Cooper Union School of Engineering, see below"
  info="http://www.unigroup.org";
  personal="Today, despite much press in computer journals, the
            Theory of Types is hardly applied where it would do the most
            good, namely in the design of more secure computer
            communications systems.  Most 'command injection' attacks are
            made possible by an absurd unconscious conflation of code and
            input.  As all Lispers know, code is data, and data code, but we
            decide when and where to apply the code <==> data functors."
  more="http://en.wikipedia.org/wiki/Theory_of_Types
        [page was last modified on 20 May 2011 at 07:32]
        http://en.wikipedia.org/wiki/Type_system
        [page was last modified on 11 June 2011 at 04:55]
        http://en.wikipedia.org/wiki/Buffer_overrun
        [page was last modified on 11 April 2011 at 19:46]"
  lisp-to-php:"Tamreen Khan's Lisp to PHP compiler:
               http://scriptor.github.com/pharen/";
  edits="some paragraphs removed so notice fits in mailboxen">

 Date: Sun, 12 Jun 2011 19:44:04 -0400 (EDT)
 From: Unigroup_of_NY <address@hidden>
 Subject: UNIGROUP 16-JUN-2011 (Thu): Preventing SQL Injection Attacks with 
MySQL


 Unigroup is THIS THURSDAY...
 Please RSVP if you will be attending...

 =================================================================
 UNIGROUP OF NEW YORK - UNIX USERS GROUP - JUNE 2011 ANNOUNCEMENTS
 =================================================================

    -----------------------------------
 1. UNIGROUP'S JUNE 2011 MEETING NOTICE
    -----------------------------------

       When:  THURSDAY, June 16th, 2011    (** Regular 3rd Thursday **)

      Where:  The Cooper Union  <http://www.cooper.edu>
              School of Engineering  (*** New Building ***)
              41 Cooper Square  (3rd Avenue @ 7th St, between 6th & 7th Streets)
              East Village, Manhattan
              New York City, 10003
              Meeting Room: LL101_CS       (** LL=Lower Level **)
              ** Please RSVP **

       Time:  6:15 PM - 6:30 PM  Registration
              6:30 PM - 6:45 PM  Ask the Wizard, Questions,
                                 Answers and Current Events
              6:45 PM - 7:00 PM  Unigroup Business and Announcements
              7:00 PM - 9:30 PM  Main Presentation

       Cost:  See the Meeting+Membership Fee Schedule Below.

              -------------------------------------------
      Topic:  Preventing SQL Injection Attacks with MySQL
              -------------------------------------------

    Speaker:  Anthony Ferrara,
              Senior PHP developer,
              NBC Universal.

    -------------------------------------------------------------------

    INTRODUCTION:
    -------------

    Unigroup is pleased to announce our June 2011 meeting on Preventing
    SQL Injection Attacks with MySQL.  Our speaker Anthony Ferrara has
    presented to Unigroup twice before, on "Serving High Performance Web
    Sites - Where Apache Fails" and "Web Development: The Joomla! Content
    Management System".

    Unigroup's meeting calendar currently looks like:
      16-JUN-2011:  SQL Injection Attacks & MYSQL (Anthony Ferrara).
      21-JUL-2011:  Intel x86-32/64 Architecture, Part 2 (INTEL/Charles Milo).
      15-SEP-2011:  NFS and NFS Caching (Alacritech).
      17-NOV-2011:  OpenAFS (Jeff Altman).

    Reserve the dates!  (No regular meeting in August.)

    -------------------------------------------------------------------

    SPECIAL INSTRUCTIONS:
    ---------------------

    To REGISTER for this event, please RSVP by using the Unigroup
    Registration Page:
          http://www.unigroup.org/unigroup-rsvp.html

    This will allow us to automate the registration process.
    (Registration will also add you to our mailing list.)
    Please avoid Emailed RSVPs.

    Please continue to check the Unigroup web site and meeting page,
    for any last minute updates concerning this meeting.  If you
    registered for this meeting, please check your Email for any last
    minute announcements as the meeting approaches.  Also make sure
    any anti-spam white-lists are updated to _ALLOW_ Unigroup traffic!
    If you block Unigroup Emails, your address will be dropped from
    our mailing list.

    Also, if you have an interest in Unigroup, be sure to receive
    Unigroup information DIRECTLY from Unigroup, via direct receipt
    of Emails and by visiting the Unigroup Web Site.  NO OTHER SOURCE
    provides timely, accurate and complete Unigroup information.

    Please RSVP as soon as possible, preferably at least 2-3 days
    prior to the meeting date, so we can plan the food order.
    RSVP deadline is usually the night before the meeting day.

    Note: RSVP is requested for this location to make sure the guard
          will let you into the building.  RSVP also helps us to
          properly plan the meeting (food, drinks, handouts,
          seating, etc.) and speed up your sign-in at the meeting.
          If you forget to RSVP prior to the meeting day, you may
          still be able to show up and attend our meeting, however,
          we cannot guarantee what building security will do if
          you are "not on the list".

    -------------------------------------------------------------------

    MAIN PRESENTATION
    -----------------

    Topic:  Preventing SQL Injection Attacks with MySQL

    Introduction & Description of Talk:
    -----------------------------------

    OWASP (Open Web Application Security Project) lists SQL Injection as
    the #1 vulnerability risk to web based applications today.  In fact,
    it's estimated that as many as half a million attempted exploits are
    performed each and every single day.

    In this talk, we will take a look at SQL Injection with respect to
    MySQL, and how to successfully prevent it.  We'll look at and
    demonstrate some known attack vectors.  We will also demonstrate and
    describe a new attack vector using PHP and MySQL, and show how to
    mitigate it.  We will look at the tools that are available to
    mitigate attacks, and if the tools actually work or not.  We'll also
    take a look at what can be done by MySQL to help combat injections
    from the core.

    Outline of Talk:
    ----------------

    To-be-announced.

    References & Web Resources:
    ---------------------------

    To-be-announced.

    -------------------------------------------------------------------

    Speaker Biography:
    ------------------

    Anthony Ferrara is a senior PHP developer for NBC Universal, Zend
    Certified Engineer and OWASP member. He is a contributor to
    multiple Open Source projects as well as the community as a whole.
    He is also a former Core Team Member and Development Coordinator
    for the Joomla! project, as well as a former leader of its Security
    team.  You can follow his blog at blog.ircmaxell.com or on Twitter
    at (-AT-)ircmaxell.

    -------------------------------------------------------------------

    Company Biography:
    ------------------

    (see above)

    -------------------------------------------------------------------

    Giveaways:
    ----------

    Addison-Wesley Professional/Prentice Hall PTR, and O'Reilly have
    been kind enough to provide us with review copies of some of their
    books, which we will continue to raffle off as giveaways at our
    meetings.  The publishers always ask that the persons receiving
    the books provide a review and/or feedback about their books.

    Unigroup would like to thank both companies for the support
    provided by their User Group programs.

    As always, all of the books will be available for review at the
    start of the meeting.

    We have some Solaris Related CD-ROMs from our friends at the
    local NYC Sun Microsystems Office.

    -------------------------------------------------------------------

    Fee Schedule:
    -------------

    Unigroup is a Professional Technical Organization and User Group,
    and its members pay a yearly membership fee.  For Unigroup members,
    there is usually no additional charges (ie. no meeting fees) during
    their membership year.  Non-members who wish to attend Unigroup
    meetings are usually required to pay a "Single Meeting Fee".

        Yearly Membership (includes all meetings):      $ 50.00
        Student Yearly Membership (with current! ID):   $ 25.00
        Non-Member Single Meeting Fee:                  $ 20.00
        Non-Member Student Single Meeting (with! ID):   $  5.00

      * Payment Methods: Cash, Check, American Express.

      ! Students: We are looking for proof that you are
        currently enrolled in classes (rather than working
        full-time), and as such, your Student ID should show
        a CURRENT date.  We have been presented Student IDs
        containing NO dates whatsoever, and in the
        current environment, perpetual/non-expiring access
        to university facilities just does not feel right.
        If your ID contains no date, please bring
        additional proof of current enrollment.  Thanks,

    NOTE: Simply receiving Unigroup Email Announcements does
          NOT indicate membership in Unigroup.

    Members: Remember to bring your Unigroup membership card with
             you to the meeting, to confirm your yearly renewal date!

    -------------------------------------------------------------------

    Food:
    -----

    Complimentary Food and Refreshments will be served.  This
    includes "wraps" such as turkey, roast beef, chicken, tuna
    and grilled vegetables as well as assorted salads (potato,
    tossed, pasta, etc), cookies, brownies, bottled water and
    assorted SOFT beverages.

    -------------------------------------------------------------------

    Directions:
    -----------

      The Cooper Union  <http://www.cooper.edu>
      School of Engineering  (*** New Building ***)
      41 Cooper Square (3rd Avenue @ 7th St, between 6th & 7th Streets)
      East Village, Manhattan
      New York City, 10003
      Meeting Room: ** (See Above, Room May Change Month-to-Month)

    Located on the East side of Cooper Square.  Look for the
    new building with the non-traditional appearance.
    Entrance is at the corner of 3rd Avenue and 7 Street.

    Building lobby sign-in is required at the guard's desk.
    Enter the building, check in with the guard at the lobby for
      directions to Unigroup (the room varies from month-to-month).

    Nearest mass transit stations are:
      '6'           to Astor Place (stops right at The Cooper Union),
                    then walk 1 block East and 1 block South.
      'R'           to 8th Street, then walk about 2 blocks East
                    then 1 block South.
      '4/5/6/R/N/Q' to Union Square, then walk South and East.
      'B/D/F/V'     to Broadway-Lafayette, then walk North and East.

    Free street parking in the area becomes available at 6pm.

    There are also parking lots on Broadway, at (or just south of)
      Astor Place (8th Street).

    -----

    Please mark this meeting on your calendar and join us!
    Please tell your friends about Unigroup!

 ----------------------------------------------------------------------------
 < ... />
 ----------------------------------------------------------------------------

    =========================================================================
    = For Unigroup Information, Events and Meeting Announcements be sure to =
    = visit our World Wide Web Home Page:                                   =
    =       http://www.unigroup.org                                         =
    =========================================================================

    For further information or to get on the Unigroup Electronic Mail Mailing
    List send an EMail message to:
         unilist (-a_t-) unigroup.org

    To contact the Board of Directors of Unigroup, send an EMail message to:
         uniboard (-a_t-) unigroup.org

    If you have recently attended a meeting and you are not receiving
    Email announcements, please send us an Email and we will make
    corrections to our lists.

    Please Email the Board with any suggestions, especially potential
    meeting topics and speakers.  Unigroup welcomes contributions and
    content suggestions for our newsletter.  Unigroup is a volunteer
    organization and we need your assistance!  Please let us know if you
    can help!

 ----------------------------------------------------------------------------
 ----------------------------------------------------------------------------

 -Rob Weiner
  Unigroup Executive Director
  unilist (-a_t-) unigroup.org
  http://www.unigroup.org
    
</blockquote>


Distributed poC TINC:

Jay Sulzberger <address@hidden>
Corresponding Secretary LXNY
LXNY is New York's Free Computing Organization.
http://www.lxny.org


reply via email to

[Prev in Thread] Current Thread [Next in Thread]