SEARCH RESULTS
 
Showing 1-10 of 27 records
 
Expand article

Designing SQL Server non-clustered indexes for query optimization

2008-02-14 13:06:47 by Heidi Sweeney in WhatIs: Enterprise IT tips and expert advice
 
Non-clustered indexes improve SQL Server query performance by focusing queries on a subset of data. In this tip, you'll find guidelines for designing non-clustered indexes, including choosing index fields, when a clustered index should be used instead of a compound index and how statistics influence non-clustered indexes
 
Tags: index, compound index, indexes, index fields, statistics influence, data, queries, tip, guidelines
 
 
 
 
Expand article

SQL Server query to import database names

2008-02-22 15:11:16 by Abbey M. Weintraub in WhatIs: Enterprise IT tips and expert advice
 
Discover a query that will import all database names into your SQL Server
 
Tags: sql server, database names, query, import, discover
 
 
 
 
Expand article

How to maintain SQL Server indexes for query optimization

2008-03-19 11:33:36 by Heidi Sweeney in WhatIs: Enterprise IT tips and expert advice
 
Maintain your SQL Server indexes with these techniques for page splits, table partitions, statistics updates and for limiting fragmented indexes. You'll also learn why query optimizer might choose to ignore your non-clustered index and instead opt for a table scan
 
Tags: sql server indexes, indexes, query optimizer, maintain, page splits, table partitions, table scan, statistics, opt
 
 
 
 
Expand article

Giving SQL Injection the Respect it Deserves

2008-05-15 18:45:00 by sdl in The Security Development Lifecycle
 
...query through the application. This vulnerability allows for unauthorized, interactive, logon to a SQL server which may result in the execution of malicious commands leading to the possible modification (or deletion) of Operating System or user data Combining the use of parameterized queries and stored procedures helps to mitigate the risk of...
 
Tags: sql, sql injection bug, sql injection requirements, sql injection attack, sql server, sql execute-only permission, malicious sql payload, sql injection, sql injection vulnerability
 
 
 
 
Expand article

Understanding and Selecting a Database Activity Monitoring Solution: Part 5, Advanced Features

2008-03-31 19:26:22 by rmogull in securosis.com
 
...query on any field discovered matching the SSN rule. As the system grows and changes over time, the discovery component identifies the fields matching the protected content, and automatically applies the policy Were also starting to see DAM tools that monitor live queries for the sensitive data. Policies are then freed from being tied to...
 
Tags: database, database activity, application level, application, tools, change management tools, application activity, database queries, queries
 
 
 
 
Expand article

Automating web application security testing

2007-07-16 11:40:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...query parameters is vulnerable to reflected XSS. With a vulnerable application, an attacker can craft a malicious URL and send it to the victim via email or any other mode of communication. When the victim visits the tampered link, the page is loaded along with the injected script that is executed in the context of the victim's session The...
 
Tags: web application, application, input, input parameters, accepts user input, xss, xss vulnerabilities, security, security team check
 
 
 
 
Expand article

Understanding and Selecting a Database Activity Monitoring Solution: Part 4, Alerts, Workflow, and Reporting

2008-02-29 20:06:08 by rmogull in securosis.com
 
...query might trigger a low level incident within the included incident handling system, while an incident involving an administrator or high count of credit cards is emailed to a security admin and dropped into the SIEM tool as a high alert Not to say you should rely on a SIEM or other external tool to manage your incidents; those tools will...
 
Tags: database, database activity, activity, tools, dam tools, proactive security tools, security tools, alerts, technical reports
 
 
 
 
Expand article

New faces and predictions for the New Year...

2008-01-22 22:11:00 by sdl in The Security Development Lifecycle
 
...query of the NVD with "Vendor=Microsoft", "Start Date= January 2007", and "End Date=December 2007" returns 254 matches. A query of NVD without selecting any vendor, and choosing "Start Date= January 2007", and "End Date=December 2007" returns 6532 matches. If my math is correct, that states that Microsoft was responsible for 3.8885 percent of...
 
Tags: sdl team, team, sdl, sdl blog crew, cve, cve vulnerabilities, microsoft, single prediction, microsoft products
 
 
 
 
Expand article

Simplify queries with SQL Server 2005 common table expressions (CTEs)

2008-02-15 12:03:37 by Abbey M. Weintraub in WhatIs: Enterprise IT tips and expert advice
 
Common table expressions (CTEs) are a handy alternative to using derived tables and views in SQL Server 2005 for retrieving data. There's no need to repeat complex code because CTEs separate code into unique units and they're self-referencing within your query. Here's a CTE how-to with examples, including details for one of its most valuable...
 
Tags: common table expressions, ctes, repeat complex code, code, sql server, recursive query, query, unique units, cte how-to