SQL injection attacks have emerged as the application security issue that causes the most data loss and web site defacement incidents, surpassing cross-site scripting. Defending SQL Server from SQL injection continues to be a problem for many applications. This presentation discusses the ways that SQL Server developers and DBAs can harden their applications and servers. The methods demonstrated include:
- Protecting dynamic SQL statements when they can't be eliminated
- Security configuration to minimize the vulnerable surface area
- Using DML triggers to thwart many common attacks
- Managing stored procedure privilege with the EXECUTE AS clause
- Using DDL triggers to minimize vulnerabilities
- The ineffectiveness of database and column encryption as defenses against SQL injection
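As an added example of the first and fourth points (not taken from the presentation or its slide deck), the T-SQL below shows a dynamic-SQL procedure written with string concatenation next to a hardened version that binds the value with sp_executesql, allow-lists and QUOTENAMEs the identifier, and uses EXECUTE AS OWNER; the table, column, procedure and user names are assumed.

```sql
-- Added example, not from the presentation. dbo.Customers, its columns,
-- and app_user are assumed names for illustration only.

-- Pattern to avoid: the caller's value is spliced into the statement text,
-- so whatever is supplied becomes part of the T-SQL that executes.
CREATE PROCEDURE dbo.FindCustomers_Unsafe
    @City    nvarchar(50),
    @OrderBy sysname
AS
BEGIN
    DECLARE @sql nvarchar(max) =
        N'SELECT CustomerId, Name, City FROM dbo.Customers '
      + N'WHERE City = ''' + @City + N''' ORDER BY ' + @OrderBy;
    EXEC (@sql);   -- executes the concatenated string as-is
END;
GO

-- Hardened version. Dynamic SQL breaks ownership chaining, so without
-- EXECUTE AS the caller would need SELECT on the table itself; with
-- EXECUTE AS OWNER the caller needs only EXECUTE on the procedure.
-- Because the dynamic statement then runs with the owner's rights,
-- the identifier is checked against a fixed allow-list before use.
CREATE PROCEDURE dbo.FindCustomers
    @City    nvarchar(50),
    @OrderBy sysname = N'Name'
WITH EXECUTE AS OWNER
AS
BEGIN
    SET NOCOUNT ON;
    IF @OrderBy NOT IN (N'Name', N'City', N'CustomerId')
    BEGIN
        RAISERROR(N'Invalid sort column.', 16, 1);
        RETURN 1;
    END;

    DECLARE @sql nvarchar(max) =
        N'SELECT CustomerId, Name, City FROM dbo.Customers '
      + N'WHERE City = @City ORDER BY ' + QUOTENAME(@OrderBy);

    -- The value travels as a typed parameter, separate from the text.
    EXEC sys.sp_executesql
        @sql,
        N'@City nvarchar(50)',
        @City = @City;
END;
GO

-- Grant the procedure only; the table stays unreachable to app_user.
GRANT EXECUTE ON dbo.FindCustomers TO app_user;
```

Only the search value is parameterized; the ORDER BY column cannot be a parameter, which is why it is restricted to known column names and wrapped in QUOTENAME instead.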
SQL Server is one of the most vulnerable components of an application and one of the most frequently attacked. Come hear about the techniques you can use to protect it from SQL injection attacks.
Download the slides about SQL Injection Attacks
Download the SQL examples from the SQL Injection attack presentation
Andrew Novick is a developer/consultant with 25 years in the computer industry and a focus on SQL Server and Microsoft .Net. His practice includes designing databases, query optimization, analysis of performance problems, and building business applications. His writings include the books "Transact-SQL User-Defined Functions" and "SQL Server 2000 XML Distilled". You can find additional articles on his web site: http://www.NovickSoftware.com