SQLBits 2020

SQL Injection: How it Works, How to Stop It

Learn what SQL Injection is and all the mechanisms you should employ to help stop it.

This session will explain and demonstrate exactly how a SQL Injection attack occurs. While the core vulnerability is easy to understand, exactly how hackers exploit that vulnerability is not. I'll show you how a hacker explores your database through SQL Injection to find vulnerabilities and sensitive data. Better still, I'll show you the errors that this exploration generates as a mechanism for monitoring your systems to find SQL Injection attacks. Finally, I'll show you the steps you should be taking to properly secure your systems in order to completely avoid SQL Injection attacks.

Speaker

Grant Fritchey, SQL Server MVP, works for Redgate Software as a Product Advocate. He is the author of the books SQL Server Execution Plans (Simple-Talk) and SQL Server Query Performance Tuning (Apress).

Grant Fritchey's Sessions

Managing the Challenge of Monitoring Growing, Multi-platform Database Estates

The New Database Landscape - Revealing Shifts and Charting the Next Horizon

Fundamentals of Git

Efficiency up, failed releases down; compliant production data for your test and dev environments

Benefits of Using Version Control In Database Development

Yes, You Should Monitor Azure SQL Database

SQL Injection: How it Works, How to Stop It

Learn to Read Execution Plans

Environment Provisioning: The Third Age

DevOps and Data

Exploring Execution Plans

Statistics, Row Counts, Execution Plans, and Query Tuning

Faster Provisioning with SQL Clone

Automating Your Database Deployments

Getting Started Reading Execution Plans

Monitoring Windows Azure SQL Server VMs and SQL Databases

Query Tuning in the Clouds