All web portals and web shops use databases to store accounts, offers and other content in the backend. SQL Injection is a technique to attack this backend, the database, by manipulating the values going to the web application. Due to inadequate development, attackers can manipulate data in the backend or execute commands on these systems through SQL Injection. The output of the database is not always very important for the attackers. I will also show you how to detect and prevent these attacks without changing one line of code in the application.

Jens Muecke
Jens Muecke has been working in the web 2.0 cloud for several companies in Germany for more than 10 years. In his free time, he develops embedded linux / OpenWRT, microcontroller and other open source projects. He has given several workshops and talks on conferences and events in Europe and is a member of the CCC in Hamburg.