« Return to event
Time: 1:30 PM - 2:15 PM
Track: Track 1
While performing security assessments for a diverse range of sites that used Application Express we observed a common theme: SQL Injection vulnerabilities that allowed attackers to access and manipulate sensitive data. Complex Apex applications have a lot of custom PL/SQL code behind the scenes that can introduce vulnerabilities into the system.
This presentation will demonstrate the power of a SQL Injection vulnerability in the hands of an attacker. We will present the four forms of SQL Injection we commonly see in Apex applications, along with code examples taken from real-world systems, and discuss the ways in which the code can be restructured to mitigate the security threat.
Published: 19.06.2017 - This document is restricted to members