First of all, I must apologize for the long hiatus since my last published content.
I’ve been busy working on a lot of very different stuff, and unfortunately this delayed me from actually completing any one particular thing.
One thing that I did complete, though, was preparing and submitting a webinar for the PASS Global Hebrew Virtual Group.
The webinar is called “Advanced Dynamic Search Queries and How to Protect Them“, and I presented it on Tuesday, April 30th 2019, 13:00 UTC (15:00 Israel Time).
Please find the event page here (where you can view it and also download its accompanying materials).
No, it’s not yet another presentation about SQL injection. We all know how to protect from SQL injections already. But that’s only relevant when you know in advance which columns can be queried by the user and using what kind of operators (“equals”, “like”, “between”, etc.). Instead, what I really want to talk about is when you actually don’t know in advance which parameters to expect, you don’t know in advance the chosen operator to use per each parameter, and you actually want to give the user truly full unlimited control over search criteria. We’ll discuss different methods of achieving advance scenarios, the pros and cons of each, and most importantly: How do you do it without fear of malicious attacks.
If you’re already familiar with my past work, you might recognize the topic from my blog post about Dynamic Search Queries, first published a few years ago.
That post is rather outdated, though. So my webinar contains whole new content, new mechanisms (but similar principles to what I wrote about in the old blog post), and of course a whole other media format (you’ll get to hear and see me speak! yay!).
So, if you haven’t yet, go ahead and check out the webinar here. Please note, though, that since it’s the Hebrew Virtual Group, the presentation is in Hebrew.