TriPython February 2020 Meeting: Protect Python applications from SQL injections
February 27 @ 7:00 pm - 9:00 pm
To get full and timely notifications of all TriPython events and discussions, subscribe to the TriPython email list at
SQL Injection is illustrated here: https://xkcd.com/327/. Your Python code can be vulnerable to SQL injections! In this talk I will show a real example where a simple Python REST API can be vulnerable to injection and a full database leak. I will do a demo where we will use the sqlmap program to successfully exploit the purposely created vulnerable Python app. Finally, we will talk about what we can do to protect against SQL injections.
Our speaker, Alexander Rubin, currently works as a director of data architecture for VirtualHealth (a medical startup). Alexander has worked with MySQL since 2000 as a DBA and application developer. Alexander has worked as a MySQL principal consultant/architect for over 12 years, starting with MySQL AB in 2006 (the company behind the MySQL database), Sun Microsystems, Oracle, and then Percona. He helped many customers design large, scalable and highly available MySQL systems, optimize MySQL performance and improve MySQL security.
Extemporaneous “lightning talks” of 5-10 minute duration are also welcome and don’t need to be pre-announced. Plenty of free after-hours parking is available in the upper level of the deck behind WebAssign (turn through the median just before the intersection of Varsity and Main Campus Drives). If the door is locked, call the number posted on the door. An after-meeting location for food and beverage will be decided at the meeting (usually BaDa Wings at Mission Valley). Come join us for a fun and informative evening.