SQLBits 2014
“SQL Attack…ed” - SQL Server under attack: SQL Injection
In this purely demo-based session, I will show several real-life attacks, from mere reading up to disrupting service availability via various types of manual and automated SQL Injection, including a broadly unknown elevation of privileges attack.
One of the most often successfully attacked targets is the data that resides in a database server. SQL Server is considered "secure by default" and has in fact been the officially most secure database for 5 years in a row, but most of the exploited weaknesses are due to misconfiguration or weak coding practices.
In this purely demo-based session, I will show several real-life attacks, from mere reading up to disrupting service availability via various types of manual and automated SQL Injection, including a broadly unknown elevation of privileges attack for a non-sa account.
If you have a database which can be reached by a web-server or other processes beyond your direct control and you are unsure regarding the possible security implications to watch out for as a developer or administrator, this session is meant for you.
– Note: The focus is not to give instructions on how to attack a system, but rather to highlight common weaknesses and why they can be fatal.
Speakers
Andreas Wolter's previous sessions
What’s new in SQL Server and Azure SQL Database Security
This session will focus on the new features and capabilities that help you meet compliance and security needs with SQL Server on-premises as well as in Azure SQL Database. This includes the new Static Data Masking, new authentication capabilities, new functionalities in Vulnerability Assessment and Threat Detection as well as Always Encrypted. If you want to know about the latest developments in SQL Security, this session is for you.
“SQL Attack…ed” - SQL Server under attack: SQL Injection
In this purely demo-based session, I will show several real-life attacks, from mere reading up to disrupting service availability via various types of manual and automated SQL Injection, including a broadly unknown elevation of privileges attack.