Presenter: Andrew Novick of Novick Software
Topic: Defending SQL Server from SQL Injection Attacks
SQL injection attacks have emerged as the application security issue that causes the most data loss and web site defacement incidents, surpassing cross-site scripting.
Defending SQL Server from SQL injection continues to be a problem for many applications. This presentation discusses the ways that SQL Server developers and DBAs can harden their applications and servers.
The methods demonstrated include:
- Protecting Dynamic SQL statements when they can’t be eliminated
- Security configuration to minimize the vulnerable surface area
- Using DML triggers to thwart many common attacks
- Managing stored procedure privilege with the EXECUTE AS clause
- Using DDL triggers to minimize vulnerabilities
- Ineffectiveness of database and column encryption as defenses
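As an added illustration of the first item above (example code, not from the talk), the same dynamic search written two ways: concatenating the caller's value into the statement text, and the hardened form that passes it as a typed parameter through sp_executesql and allow-lists the one identifier that cannot be parameterized. The table dbo.Customers and both procedure names are assumed for the example.

```sql
-- Added example, not part of the presentation. Assumes a table
-- dbo.Customers(CustomerID int, LastName nvarchar(100)) and SQL Server 2012+ (for THROW).

-- Vulnerable pattern: the caller's value becomes part of the statement text,
-- so SQL Server parses it as query syntax rather than treating it as data.
CREATE PROCEDURE dbo.FindCustomers_Unsafe
    @LastName nvarchar(100)
AS
BEGIN
    DECLARE @sql nvarchar(max) =
        N'SELECT CustomerID, LastName FROM dbo.Customers WHERE LastName = '''
        + @LastName + N'''';
    EXEC (@sql);
END
GO

-- Hardened pattern: the statement text is fixed and the value travels as a typed
-- parameter, so it can never change the structure of the query. The sort column is
-- an identifier, which cannot be parameterized, so it is checked against an
-- allow-list and wrapped in QUOTENAME() before being appended.
CREATE PROCEDURE dbo.FindCustomers_Safe
    @LastName   nvarchar(100),
    @SortColumn sysname = N'LastName'
AS
BEGIN
    IF @SortColumn NOT IN (N'CustomerID', N'LastName')
        THROW 50000, N'Invalid sort column.', 1;

    DECLARE @sql nvarchar(max) =
        N'SELECT CustomerID, LastName FROM dbo.Customers '
        + N'WHERE LastName = @p_LastName ORDER BY ' + QUOTENAME(@SortColumn) + N';';

    -- Parameter definition and value are passed separately from the statement text.
    EXEC sys.sp_executesql
        @sql,
        N'@p_LastName nvarchar(100)',
        @p_LastName = @LastName;
END
GO
```

Reviewing the plan cache for the two procedures shows the difference directly: the safe version produces one parameterized plan regardless of input, while the unsafe version compiles a new statement for every distinct value.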
SQL Server is one of the most vulnerable components of an application and one of the most frequently attacked. Come hear about the techniques you can use to protect it from SQL injection attacks.
Novick Software is the New England-based consulting company of Andrew Novick. Over the last 24 years I've been managing projects, consulting, writing, teaching, and programming to create software applications for both operations and analysis. The most important thing that I can do for my clients is to understand what drives their business. Only by understanding their problem or what they're trying to achieve can an effective solution be found.