Last night I attended the NE Bytes event which was held at Newcastle University covering SQL Injection attacks and a sneak peak at the new Microsoft Office 2010.
SQL Injection attacks and how to avoid them – Colin Mackay
Colin Mackay, an MVP and event manager gave a talk on SQL injection attacks and how to avoid them when developing your applications. He explained that SQL Injections are nothing new and how they been around for quite a while now and to avoid them. It was also pointed out that you need a multifaceted approach to lock down your application. Colin talked about how attacks can be separated into two categories mainly 1st and 2nd order attacks and how you should trust nothing (even paper forms). He then went on to discuss how stored procedures can provide an extra level of security, but they also have their downfalls. Towards the end of the talk he discussed Dynamic SQL in SPROC, ORMs and why you should hide your error messages.
A sneak peak into Microsoft Office 2010 – Ben Lee and Jo Noble
Ben Lee and Jo Noble paired up for the next talk in which they discussed and gave demos of some of the new upcoming features in Microsoft’s newest release of Office. The following features are the ones they hit on most and I have to say they look rather cool.
- Broadcast Slideshow – Broadcast your slides over the web
- Enhanced inbuilt image and video editing features
- Conversation View
- Mail Tips
- Ignore Conversations
- Social Connectors
- Backstage – A live print preview feature!
- Easier ways to insert screenshots
- Enhanced Outlook Integration
- Linked note taking
- Searchable images and audio
Ben then talked about App-V, Microsoft’s Application Virtualization technology and some of the benefits it can provide including how it can be used over cross platform and the ability to roll out software updates to a central location. He also talked about App-V delivery, using App-V server and SCCM Integration. Towards the end of the talk Ben discussed Sequencing an application and licensing considerations.