Hacking E-Commerce Sites

UPDATE: I'm currently trapped in NYC working on a project and am not at this late hour, entirely sure if I'll be back in time to do this session.

I while ago I built a demo merchant site for the express purpose of demonstrating web application hacking techniques. These include complex attacks, as well as some basic SQL injection, with attack payloads ranging from database enumeration to gaining system level access on the underlying web server through bad application code. I'll likely end up speaking a bit about secure coding.

I'd like to give a demo of common attack techniques which may be of great interest to developers, techies, and anyone that has wondered about attack techniques.

I've been involved with security testing for the past 15 years and have now officially seen the attack landscape morph over the years - currently I lead a large Penetration Testing team, I've done this session for merchants, developers, infosec people, etc. I hope it coulde be something good for BarCamp.