“SQL Attack…ed” – SQL Server under attack: SQL Injection

One of the most often successfully attacked targets is the data that resides in a database server. SQL Server is considered "secure by default" and has in fact been the officially most secure database for 5 years in a row, but most of the exploited weaknesses are due to misconfiguration or weak coding practices.

In this purely demo-based session, I will show several real-life attacks, from mere reading up to disrupting service availability via various types of manual and automated SQL Injection, including a broadly unknown elevation of privileges attack for a non-sa account.

If you have a database which can be reached by a web-server or other processes beyond your direct control and you are unsure regarding the possible security implications to watch out for as a developer or administrator, this session is meant for you.

– Note: The focus is not to give instructions on how to attack a system, but rather to highlight common weaknesses and why they can be fatal.
Presented by Andreas Wolter at SQLBits XII
  • Downloads
    Slide deck available (2.2 MB)
  • Speaker Bio
    Andreas Wolter is both a Microsoft Certified Master (MCM) on SQL Server 2008 and a Microsoft Certified Solutions Master Data Platform (MCSM) on SQL Server 2012, and has also been awarded the MVP for SQL Server. He is the founder of Sarpedon Quality Lab, a Germany-based company that specializes in the development and optimization of SQL Server database and data warehouse architectures, with a focus on performance and scalability as well as a special passion for security. With over a decade of experience with SQL Server, he can be met at various international conferences and delivering training for the SQL Server Master-Class seminar series held in Europe. You can follow him on Twitter at @AndreasWolter.

    http://www.insidesql.org/blogs/andreaswolter/
  • Video
    The video is not available to view online.