The mission of the Security Virtual Chapter is to provide guidance and education, and to foster open discussion on security topics as they pertain to SQL Server and its environment.

Welcome to the PASS Security Virtual Chapter

Security is hard, and is hardly convenient - yet in today's world, it becomes absolutely necessary. Security touches upon infrastructure, code, and even things in the "physical" world. It is much more than Administration and Development.

The Security Virtual Chapter will cover the following topics and much more:
- SQL Server surface area and attack vectors (SQL injection, etc.)
- Encryption
- Security standards and best practices
- Forensics
- Audits and regulatory compliance
- Authentication and authorization

Understanding and Eliminating SQL Injection
Presenter: Kevin Feasel
Date: Thurs, April 17, 2014 10:00 AM - 11:00 AM PST

Over the past several years, hacktivists, criminals, and people just "out for lulz" have managed to find sensitive data owned by organizations like Sony, Yahoo, NASA, and the U.S. Army, among many others. In all of these cases, the attackers exploited websites using SQL injection attacks.

SQL injection is at the top of the Open Web Application Security Project (OWASP) top 10 list and is an important part of one of the SANS 20 critical security controls. This talk will go into what SQL injection is, how attackers can use it, and how to secure your sites so that your CIO and CISO never show up on the evening news.

Although the talk will focus on using the Microsoft stack (IIS, ASP.NET, and SQL Server), the lessons will apply to all web systems everywhere.

Speaker bio:
Kevin Feasel is a database engineer at ChannelAdvisor, where he specializes in database development, performance tuning, and pulling rabbits out of hats on demand. He is a contributing author to Tribal SQL. A resident of Durham, North Carolina, he can be found cycling the trails along the Triangle whenever the weather's nice enough.

For updates on future meetings and events, follow us on Twitter at @PASS_SecurityVC.