Unigroup's June 2011 Meeting Announcement

Preventing SQL Injection Attacks with MySQL

Anthony Ferrara, Senior PHP Developer,
NBC Universal

Thursday, 16-JUN-2011      (** 3rd Thursday **)

The Cooper Union
School of Engineering   (*** NEW BUILDING ***)
41 Cooper Square    (3rd Avenue @ 7th Street, between 6th & 7th Streets)
East Village, Manhattan
New York City, 10003
Meeting Room: LL101_CS   (Note: Room Changes Month-to-Month)
** Please RSVP **

6:15 - 6:30 PM Registration
6:30 - 6:45 PM Ask the Wizard - Questions, Answers and Current Events
6:45 - 7:00 PM Unigroup Business
7:00 - 9:30 PM Main Presentation

Please see the Fee Schedule below.


Unigroup is pleased to announce our June 2011 meeting on Preventing SQL Injection Attacks with MySQL. Our speaker Anthony Ferrara has presented to Unigroup twice before, on "Serving High Performance Web Sites - Where Apache Fails" and "Web Development: The Joomla! Content Management System".


   To REGISTER for this event, please RSVP by using the
       Unigroup Registration Page.

   This will allow us to automate the registration process.
   (Registration will also add you to our mailing list.)
   Please avoid emailed RSVPs.

   Please continue to check the Unigroup web site and THIS page,
   for any last minute updates concerning this meeting.  If you
   registered for this meeting, please check your email for any last
   minute announcements as the meeting approaches.  Also make sure
   any anti-spam white-lists are updated to _ALLOW_ Unigroup traffic!
   If you block Unigroup Emails, your address will be dropped from
   our mailing list.

   Also, if you have an interest in Unigroup, be sure to receive
   Unigroup information DIRECTLY from Unigroup, via direct receipt
   of Emails and by visiting the Unigroup Web Site.  NO OTHER SOURCE
   provides timely, accurate and complete Unigroup information.

   Please RSVP as soon as possible, preferably at least 2-3 days
   prior to the meeting date, so we can plan the food order.
   RSVP deadline is usually the night before the meeting day.

   Note: RSVP is requested for this location to make sure the guard
         will let you into the building.  RSVP also helps us to
         properly plan the meeting (food, drinks, handouts,
         seating, etc.) and speed up your sign-in at the meeting.
         If you forget to RSVP prior to the meeting day, you may
         still be able to show up and attend our meeting, however,
         we cannot guarantee what building security will do if
         you are "not on the list".


      The Cooper Union  (http://www.cooper.edu)
      School of Engineering  (*** New Building ***)
      41 Cooper Square (3rd Avenue @ 7th Street, between 6th & 7th Streets)
      East Village, Manhattan
      New York City, 10003
      Meeting Room: ** (See Above, Room May Change Month-to-Month)

   Located on the East side of Cooper Square.  Look for the
   new building with the non-traditional appearance.
   Entrance is at the corner of 3rd Avenue and 7th Street.

   Building lobby sign-in is required at the guard's desk.
   Enter the building, check in with the guard at the lobby for
     directions to the Unigroup Meeting Room.

   Nearest mass transit stations are:
     '6'           to Astor Place (stops right at The Cooper Union),
                   then walk 1 block East and 1 block South.
     'R'           to 8th Street, then walk about 2 blocks East
                   then 1 block South.
     '4/5/6/R/N/Q' to Union Square, then walk South and East.
     'B/D/F/V'     to Broadway-Lafayette, then walk North and East.

   Free street parking in the area becomes available at 6pm.

   There are also parking lots on Broadway, at (or just south of)
     Astor Place (8th Street).


Topic: Preventing SQL Injection Attacks with MySQL

Introduction & Description of Talk:

OWASP (Open Web Application Security Project) lists SQL Injection as the #1 vulnerability risk to web based applications today. In fact, it's estimated that as many as half a million attempted exploits are performed each and every single day.

In this talk, we will take a look at SQL Injection with respect to MySQL, and how to successfully prevent it. We'll look at and demonstrate some known attack vectors. We will also demonstrate and describe a new attack vector using PHP and MySQL, and show how to mitigate it. We will look at the tools that are available to mitigate attacks, and if the tools actually work or not. We'll also take a look at what can be done by MySQL to help combat injections from the core.

Outline of Talk:


References & Web Resources:



Anthony Ferrara is a senior PHP developer for NBC Universal, Zend Certified Engineer and OWASP member. He is a contributor to multiple Open Source projects as well as the community as a whole. He is also a former Core Team Member and Development Coordinator for the Joomla! project, as well as a former leader of its Security team. You can follow his blog at blog.ircmaxell.com or on Twitter at (-AT-)ircmaxell.


(see above)


Addison-Wesley Professional/Prentice Hall PTR, and O'Reilly have been kind enough to provide us with review copies of some of their books, which we will continue to raffle off as giveaways at our meetings. The publishers always ask that the persons receiving the books provide a review and/or feedback about their books.

Unigroup would like to thank both companies for the support provided by their User Group programs.

As always, all of the books will be available for review at the start of the meeting.

We have some Solaris Related CD-ROMs from our friends at the local NYC Sun Microsystems Office.


Unigroup is a Professional Technical Organization and User Group, and its members pay a yearly membership fee. For Unigroup members, there is usually no additional charges (ie. no meeting fees) during their membership year. Non-members who wish to attend Unigroup meetings are usually required to pay a "Single Meeting Fee".

         Yearly Membership (includes all meetings):      $ 50.00
         Student Yearly Membership (with current! ID):   $ 25.00
         Non-Member Single Meeting:                      $ 20.00
         Non-Member Student Single Meeting (with! ID):   $  5.00

       * Payment Methods: Cash, Check, American Express.

       ! Students: We are looking for proof that you are
         currently enrolled in classes (rather than working
         full-time), and as such, your Student ID should show
         a CURRENT date.  We have been presented Student IDs
         containing NO dates whatsoever, and in the
         current environment, perpetual/non-expiring access
         to university facilities just does not feel right.
         If your ID contains no date, please bring
         additional proof of current enrollment.  Thanks.

NOTE: Simply receiving Unigroup Email Announcements does NOT indicate membership in Unigroup.

Members: Remember to bring your membership card with you to the meeting, to confirm your yearly renewal date!


Complimentary Food and Refreshments will be served. This includes "wraps" such as turkey, roast beef, chicken, tuna and grilled vegetables as well as assorted salads (potato, tossed, pasta, etc), cookies, brownies, bottled water and assorted beverages.

Please join us for this meeting, you won't want to miss it!

[Unigroup Home]

Webmaster (unilist@unigroup.org)

Copyright © 2011 Unigroup of New York, Inc., All rights reserved.