SEARCH RESULTS
 
Showing 1-10 of 175 records
 
SQL Server - Fact Checking Recent Vulnerability History

2008-03-05 22:53:36 by jrjones in Jeff Jones Security Blog
 
...SQL Server had "... most vulnerabilities last year of any commercial database..." That is a big error, though it may be a misquote or a miscommunication. Certainly, if you go look at the current version of the original article, the incorrect statement has been removed. However, given that as of today, some versions of the article containing...
 
 
 
 
 
Giving SQL Injection the Respect it Deserves

2008-05-15 18:45:00 by sdl in The Security Development Lifecycle
 
...SQL injection attack. The malicious SQL payload is very well designed, somewhat database schema agnostic and generic so it could compromise as many database servers as possible. While the attack was a SQL injection attack that attacked and compromised back-end databases courtesy of vulnerable Web pages, from a user's perspective the real...
 
 
 
 
 
New Security Tools for IIS and SQL

2008-06-25 21:45:45 by jrjones in Jeff Jones Security Blog
 
...SQL injection attacks UrlScan 3.0 Beta (see Wade Hilmo's blog for more), a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) will process. By blocking specific HTTP requests, the UrlScan helps prevent potentially harmful requests Microsoft Source Code Analyzer for SQL Injection (MSCASI) CTP (...
 
 
 
 
 
SQL Injection Defense Tools

2008-06-24 16:43:00 by sdl in The Security Development Lifecycle
 
...SQL injection defense guidelines. The SDL requires guidance and education for end-users, and tools to verify security settings are highly recommended, as defined in "Stage 5: Implementation Phase: Creating Documentation and Tools for Users that Address Security and Privacy". Today, Microsoft is releasing two new SQL injection defense and...
 
 
 
 
 
Tips for scheduling and testing SQL Server backups

2008-04-01 13:43:35 by Heidi Sweeney in WhatIs: Enterprise IT tips and expert advice
 
Whether you're using SQL Server or SQL Server Express Edition, these tips for scheduling backups will lead you to a successful restore. You'll learn how to schedule backups in SQL Server via the SQL Server Agent and in SQL Server Express using Windows Task Scheduler. SQL Server expert Denny Cherry also shares how to test and secure your backups
 
 
 
 
 
SQL injection compromises MLSgear.com customer information

2008-02-11 09:27:06 by Evan Francen in The Breach Blog
 
...SQL injection attacks carried out on the MLSgear.com web site between January and August, 2007 Reference URL The New Hampshire State Attorney General breach notification Computerworld online story PogoWasRight.org report Report Credit The New Hampshire State Attorney General Response From the online sources cited above It has recently...
 
 
 
 
 
Secure SQL Server from SQL injection attacks

2008-06-26 11:48:22 by Denny Cherry in WhatIs: Enterprise IT tips and expert advice
 
Did you know that any Web application using dynamic SQL is at risk for a SQL injection attack? It's one of the most common security risks for Internet-facing SQL Server databases. In this tip, you'll learn how SQL injection works and get precise steps to protect against attacks
 
 
 
 
 
SQL and SQL Server Tutorial and Reference Guide

2008-04-22 10:56:19 by Heidi Sweeney in WhatIs: Enterprise IT tips and expert advice
 
SQL (Structured Query Language) is the language of databases. This Back to Basics SQL tutorial and reference guide provides a great starting point and foundation for learning SQL or brushing up your skills
 
 
 
 
 
SQL Server PerfMon counters for access methods and buffer manager

2008-04-29 13:18:07 by Heidi Sweeney in WhatIs: Enterprise IT tips and expert advice
 
...SQL Server DBA," SQL Server MVP Kevin Kline focuses specifically on SQL Server counters. Kline shares best practices for using access method counters to watch for IO intensive operations, such as full table or clustered index scans and page splits. You'll also learn why it's important to monitor the buffer manager in SQL Server, that is, keep...