SlideShare a Scribd company logo

Securing you SQL Server

Download as PPT, PDF
Gabriel Villa
Gabriel Villa

Become aware of some commonly overlooked practices in securing you SQL Server databases. Learn about physical security, passwords, privileges and roles, restricting or disabling system stored procedures and preventative best practices. And most importantly, discuss the most commonly used security threat: SQL injection and learn how to prevent them.

Technology
1 of 19
# 66
Securing your SQL Server Gabriel Villa email: [email_address] blog: www.extofer. com twitter: @extofer # 66
About Gabriel ,[object Object],[object Object],[object Object],[object Object],# 66
Outline to Securing SQL Server ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],# 66
# 66 “ Yes, I am a criminal. My crime is that of curiosity... My crime is that of outsmarting you, something that you will never forgive me for.” - The Mentor Written January 8, 1986
SQL Server Threats ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],# 66
SQL Injection # 66
SQL Server Security Model ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],# 66 Windows Users SQL Login Database Users DB Roles Schemas
Authentication ,[object Object],[object Object],[object Object],[object Object],# 66
Authentication ,[object Object],[object Object],[object Object],[object Object],# 66
Authentication # 66
Write Secure Code ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],# 66
Passwords ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],# 66
Physical Security ,[object Object],[object Object],[object Object],# 66
Security Patches ,[object Object],[object Object],[object Object],# 66
Network Security ,[object Object],[object Object],[object Object],[object Object],# 66
Best Practices ,[object Object],[object Object],[object Object],# 66
Questions?? ,[object Object],# 66
Thank you and Feedback ,[object Object],[object Object],# 66

Recommended

Securing you SQL Server - Denver, RMTT
Securing you SQL Server - Denver, RMTTSecuring you SQL Server - Denver, RMTT
Securing you SQL Server - Denver, RMTT
Gabriel Villa
 
Denali Sql Server Security
Denali Sql Server SecurityDenali Sql Server Security
Denali Sql Server Security
Gabriel Villa
 
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known VulnerabilitiesUnderstanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Anant Shrivastava
 
Top Keys to create a secure website
Top Keys to create a secure websiteTop Keys to create a secure website
Top Keys to create a secure website
Click Ripple Solutions
 
Spring Security
Spring SecuritySpring Security
Spring Security
Knoldus Inc.
 
[OWASP Poland Day] Security knowledge framework
[OWASP Poland Day] Security knowledge framework[OWASP Poland Day] Security knowledge framework
[OWASP Poland Day] Security knowledge framework
OWASP
 
Safe computing (Tips & Tricks)
Safe computing (Tips & Tricks)Safe computing (Tips & Tricks)
Safe computing (Tips & Tricks)Satyendra Arora
 
Web server security techniques by Khawar Nehal
Web server security techniques by Khawar NehalWeb server security techniques by Khawar Nehal
Web server security techniques by Khawar Nehal
Khawar Nehal khawar.nehal@atrc.net.pk
 

Recommended

Securing you SQL Server - Denver, RMTT
Securing you SQL Server - Denver, RMTTSecuring you SQL Server - Denver, RMTT
Securing you SQL Server - Denver, RMTT
Gabriel Villa
 
Denali Sql Server Security
Denali Sql Server SecurityDenali Sql Server Security
Denali Sql Server Security
Gabriel Villa
 
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known VulnerabilitiesUnderstanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Anant Shrivastava
 
Top Keys to create a secure website
Top Keys to create a secure websiteTop Keys to create a secure website
Top Keys to create a secure website
Click Ripple Solutions
 
Spring Security
Spring SecuritySpring Security
Spring Security
Knoldus Inc.
 
[OWASP Poland Day] Security knowledge framework
[OWASP Poland Day] Security knowledge framework[OWASP Poland Day] Security knowledge framework
[OWASP Poland Day] Security knowledge framework
OWASP
 
Safe computing (Tips & Tricks)
Safe computing (Tips & Tricks)Safe computing (Tips & Tricks)
Safe computing (Tips & Tricks)Satyendra Arora
 
Web server security techniques by Khawar Nehal
Web server security techniques by Khawar NehalWeb server security techniques by Khawar Nehal
Web server security techniques by Khawar Nehal
Khawar Nehal khawar.nehal@atrc.net.pk
 
Joomla spécialiste
Joomla spécialisteJoomla spécialiste
Joomla spécialiste
Romain Caisse
 
[OWASP Poland Day] OWASP for testing mobile applications
[OWASP Poland Day] OWASP for testing mobile applications[OWASP Poland Day] OWASP for testing mobile applications
[OWASP Poland Day] OWASP for testing mobile applications
OWASP
 
ESAPI
ESAPIESAPI
ESAPI
n|u - The Open Security Community
 
10 security enhancements
10 security enhancements10 security enhancements
10 security enhancementsVishal Gurujuwada
 
Dark Alleys/Internet Security
Dark Alleys/Internet SecurityDark Alleys/Internet Security
Dark Alleys/Internet Security
John Dorner
 
Module 7 configuring network security
Module 7 configuring network securityModule 7 configuring network security
Module 7 configuring network securityxeroxk
 
Network security primer
Network security primerNetwork security primer
Network security primer
aeroman7
 
Ground Zero Training- Metasploit For Web
Ground Zero Training- Metasploit For WebGround Zero Training- Metasploit For Web
Ground Zero Training- Metasploit For Web
Nipun Jaswal
 
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. LtdBeyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
Nipun Jaswal
 
Web security: concepts and tools used by attackers
Web security: concepts and tools used by attackersWeb security: concepts and tools used by attackers
Web security: concepts and tools used by attackers
tomasperezv
 
Why do you need the advanced protection of the Internet Security Product / Ma...
Why do you need the advanced protection of the Internet Security Product / Ma...Why do you need the advanced protection of the Internet Security Product / Ma...
Why do you need the advanced protection of the Internet Security Product / Ma...
Andrew Clark
 
Mcafee total protection 2021
Mcafee total protection 2021Mcafee total protection 2021
Mcafee total protection 2021
GoMcAfeeactivate
 
Level Up Your WordPress Security
Level Up Your WordPress SecurityLevel Up Your WordPress Security
Level Up Your WordPress Security
Mitch Canter
 
Dark Alleys Part2
Dark Alleys Part2Dark Alleys Part2
Dark Alleys Part2
Anne Adrian
 
CSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptxCSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptx
AnshumaanTiwari2
 
Web Security Programming I I
Web Security Programming I IWeb Security Programming I I
Web Security Programming I IPavu Jas
 
Pacu ~ Rhino Security
Pacu ~ Rhino SecurityPacu ~ Rhino Security
Pacu ~ Rhino Security
AWSMeetup
 
Digital safety
Digital safetyDigital safety
Digital safetypsusmith
 
Young lions media competitions 2009
Young lions media competitions 2009Young lions media competitions 2009
Young lions media competitions 2009adinutzadidi
 
Internet safety cyberbullying
Internet safety cyberbullyingInternet safety cyberbullying
Internet safety cyberbullyingJMFarkas
 
LightYear Wireless Fundraising Model
LightYear Wireless Fundraising ModelLightYear Wireless Fundraising Model
LightYear Wireless Fundraising Model
RobertHirsch
 
Optimistock Change Climate Change
Optimistock Change Climate ChangeOptimistock Change Climate Change
Optimistock Change Climate Changeadinutzadidi
 

More Related Content

What's hot

Joomla spécialiste
Joomla spécialisteJoomla spécialiste
Joomla spécialiste
Romain Caisse
 
[OWASP Poland Day] OWASP for testing mobile applications
[OWASP Poland Day] OWASP for testing mobile applications[OWASP Poland Day] OWASP for testing mobile applications
[OWASP Poland Day] OWASP for testing mobile applications
OWASP
 
ESAPI
ESAPIESAPI
ESAPI
n|u - The Open Security Community
 
Dark Alleys/Internet Security
Dark Alleys/Internet SecurityDark Alleys/Internet Security
Dark Alleys/Internet Security
John Dorner
 
Module 7 configuring network security
Module 7 configuring network securityModule 7 configuring network security
Module 7 configuring network securityxeroxk
 
Network security primer
Network security primerNetwork security primer
Network security primer
aeroman7
 
Ground Zero Training- Metasploit For Web
Ground Zero Training- Metasploit For WebGround Zero Training- Metasploit For Web
Ground Zero Training- Metasploit For Web
Nipun Jaswal
 
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. LtdBeyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
Nipun Jaswal
 
Web security: concepts and tools used by attackers
Web security: concepts and tools used by attackersWeb security: concepts and tools used by attackers
Web security: concepts and tools used by attackers
tomasperezv
 
Why do you need the advanced protection of the Internet Security Product / Ma...
Why do you need the advanced protection of the Internet Security Product / Ma...Why do you need the advanced protection of the Internet Security Product / Ma...
Why do you need the advanced protection of the Internet Security Product / Ma...
Andrew Clark
 
Mcafee total protection 2021
Mcafee total protection 2021Mcafee total protection 2021
Mcafee total protection 2021
GoMcAfeeactivate
 
Level Up Your WordPress Security
Level Up Your WordPress SecurityLevel Up Your WordPress Security
Level Up Your WordPress Security
Mitch Canter
 
Dark Alleys Part2
Dark Alleys Part2Dark Alleys Part2
Dark Alleys Part2
Anne Adrian
 
CSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptxCSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptx
AnshumaanTiwari2
 
Web Security Programming I I
Web Security Programming I IWeb Security Programming I I
Web Security Programming I IPavu Jas
 
Pacu ~ Rhino Security
Pacu ~ Rhino SecurityPacu ~ Rhino Security
Pacu ~ Rhino Security
AWSMeetup
 
Digital safety
Digital safetyDigital safety
Digital safetypsusmith
 

What's hot (18)

Joomla spécialiste
Joomla spécialisteJoomla spécialiste
Joomla spécialiste
 
[OWASP Poland Day] OWASP for testing mobile applications
[OWASP Poland Day] OWASP for testing mobile applications[OWASP Poland Day] OWASP for testing mobile applications
[OWASP Poland Day] OWASP for testing mobile applications
 
ESAPI
ESAPIESAPI
ESAPI
 
10 security enhancements
10 security enhancements10 security enhancements
10 security enhancements
 
Dark Alleys/Internet Security
Dark Alleys/Internet SecurityDark Alleys/Internet Security
Dark Alleys/Internet Security
 
Module 7 configuring network security
Module 7 configuring network securityModule 7 configuring network security
Module 7 configuring network security
 
Network security primer
Network security primerNetwork security primer
Network security primer
 
Ground Zero Training- Metasploit For Web
Ground Zero Training- Metasploit For WebGround Zero Training- Metasploit For Web
Ground Zero Training- Metasploit For Web
 
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. LtdBeyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
 
Web security: concepts and tools used by attackers
Web security: concepts and tools used by attackersWeb security: concepts and tools used by attackers
Web security: concepts and tools used by attackers
 
Why do you need the advanced protection of the Internet Security Product / Ma...
Why do you need the advanced protection of the Internet Security Product / Ma...Why do you need the advanced protection of the Internet Security Product / Ma...
Why do you need the advanced protection of the Internet Security Product / Ma...
 
Mcafee total protection 2021
Mcafee total protection 2021Mcafee total protection 2021
Mcafee total protection 2021
 
Level Up Your WordPress Security
Level Up Your WordPress SecurityLevel Up Your WordPress Security
Level Up Your WordPress Security
 
Dark Alleys Part2
Dark Alleys Part2Dark Alleys Part2
Dark Alleys Part2
 
CSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptxCSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptx
 
Web Security Programming I I
Web Security Programming I IWeb Security Programming I I
Web Security Programming I I
 
Pacu ~ Rhino Security
Pacu ~ Rhino SecurityPacu ~ Rhino Security
Pacu ~ Rhino Security
 
Digital safety
Digital safetyDigital safety
Digital safety
 

Viewers also liked

Young lions media competitions 2009
Young lions media competitions 2009Young lions media competitions 2009
Young lions media competitions 2009adinutzadidi
 
Internet safety cyberbullying
Internet safety cyberbullyingInternet safety cyberbullying
Internet safety cyberbullyingJMFarkas
 
LightYear Wireless Fundraising Model
LightYear Wireless Fundraising ModelLightYear Wireless Fundraising Model
LightYear Wireless Fundraising Model
RobertHirsch
 
Optimistock Change Climate Change
Optimistock Change Climate ChangeOptimistock Change Climate Change
Optimistock Change Climate Changeadinutzadidi
 
Missing colors waaa11
Missing colors waaa11Missing colors waaa11
Missing colors waaa11adinutzadidi
 
Bcp Summary
Bcp SummaryBcp Summary
Bcp Summary
masterbitt
 
Chord progression
Chord progressionChord progression
Chord progressionmanoprd
 
Cisco Corporate Social Responsibility by Alexandre Lemille
Cisco Corporate Social Responsibility by Alexandre LemilleCisco Corporate Social Responsibility by Alexandre Lemille
Cisco Corporate Social Responsibility by Alexandre Lemille
Lemille
 
ดนตรีสากล
ดนตรีสากลดนตรีสากล
ดนตรีสากล
manoprd
 
พุทธประวัติ 1
พุทธประวัติ 1พุทธประวัติ 1
พุทธประวัติ 1
wanpenrd
 
Diseño programacion
Diseño programacionDiseño programacion
Diseño programacion
Edilberto Carlos Ramírez
 
พุทธประวัติ 1
พุทธประวัติ 1พุทธประวัติ 1
พุทธประวัติ 1
wanpenrd
 
Startup'tan E-ticaret Devi Olmak: SEO Altyapısını Oluştururken Google'ı Doğru...
Startup'tan E-ticaret Devi Olmak: SEO Altyapısını Oluştururken Google'ı Doğru...Startup'tan E-ticaret Devi Olmak: SEO Altyapısını Oluştururken Google'ı Doğru...
Startup'tan E-ticaret Devi Olmak: SEO Altyapısını Oluştururken Google'ı Doğru...
Uğur Eskici
 

Viewers also liked (16)

Young lions media competitions 2009
Young lions media competitions 2009Young lions media competitions 2009
Young lions media competitions 2009
 
Internet safety cyberbullying
Internet safety cyberbullyingInternet safety cyberbullying
Internet safety cyberbullying
 
LightYear Wireless Fundraising Model
LightYear Wireless Fundraising ModelLightYear Wireless Fundraising Model
LightYear Wireless Fundraising Model
 
Optimistock Change Climate Change
Optimistock Change Climate ChangeOptimistock Change Climate Change
Optimistock Change Climate Change
 
Missing colors waaa11
Missing colors waaa11Missing colors waaa11
Missing colors waaa11
 
Emily dickinson
Emily dickinsonEmily dickinson
Emily dickinson
 
Bcp Summary
Bcp SummaryBcp Summary
Bcp Summary
 
Chord progression
Chord progressionChord progression
Chord progression
 
Webquest
WebquestWebquest
Webquest
 
Emily dickinson1
Emily dickinson1Emily dickinson1
Emily dickinson1
 
Cisco Corporate Social Responsibility by Alexandre Lemille
Cisco Corporate Social Responsibility by Alexandre LemilleCisco Corporate Social Responsibility by Alexandre Lemille
Cisco Corporate Social Responsibility by Alexandre Lemille
 
ดนตรีสากล
ดนตรีสากลดนตรีสากล
ดนตรีสากล
 
พุทธประวัติ 1
พุทธประวัติ 1พุทธประวัติ 1
พุทธประวัติ 1
 
Diseño programacion
Diseño programacionDiseño programacion
Diseño programacion
 
พุทธประวัติ 1
พุทธประวัติ 1พุทธประวัติ 1
พุทธประวัติ 1
 
Startup'tan E-ticaret Devi Olmak: SEO Altyapısını Oluştururken Google'ı Doğru...
Startup'tan E-ticaret Devi Olmak: SEO Altyapısını Oluştururken Google'ı Doğru...Startup'tan E-ticaret Devi Olmak: SEO Altyapısını Oluştururken Google'ı Doğru...
Startup'tan E-ticaret Devi Olmak: SEO Altyapısını Oluştururken Google'ı Doğru...
 

Similar to Securing you SQL Server

SqlSa94
SqlSa94SqlSa94
SqlSa94
Gabriel Villa
 
SQL Server Security and Intrusion Prevention
SQL Server Security and Intrusion PreventionSQL Server Security and Intrusion Prevention
SQL Server Security and Intrusion Prevention
Gabriel Villa
 
Sql server security in an insecure world
Sql server security in an insecure worldSql server security in an insecure world
Sql server security in an insecure world
Gianluca Sartori
 
Security Training: #4 Development: Typical Security Issues
Security Training: #4 Development: Typical Security IssuesSecurity Training: #4 Development: Typical Security Issues
Security Training: #4 Development: Typical Security IssuesYulian Slobodyan
 
Racf psw enhancement
Racf psw enhancementRacf psw enhancement
Racf psw enhancement
Luigi Perrone
 
Understanding and preventing sql injection attacks
Understanding and preventing sql injection attacksUnderstanding and preventing sql injection attacks
Understanding and preventing sql injection attacks
Kevin Kline
 
OWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptxOWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptx
FernandoVizer
 
SQLi for Security Champions
SQLi for Security ChampionsSQLi for Security Champions
SQLi for Security Champions
PetraVukmirovic
 
SQL Injection Attacks - Is Your Data Secure? GroupBy Conference
SQL Injection Attacks - Is Your Data Secure? GroupBy ConferenceSQL Injection Attacks - Is Your Data Secure? GroupBy Conference
SQL Injection Attacks - Is Your Data Secure? GroupBy Conference
Bert Wagner
 
SQL Injection Attacks cs586
SQL Injection Attacks cs586SQL Injection Attacks cs586
SQL Injection Attacks cs586
Stacy Watts
 
SQL Injection Attacks - Is Your Data Secure? SQL Saturday Rochester
SQL Injection Attacks - Is Your Data Secure? SQL Saturday Rochester SQL Injection Attacks - Is Your Data Secure? SQL Saturday Rochester
SQL Injection Attacks - Is Your Data Secure? SQL Saturday Rochester
Bert Wagner
 
Web security
Web securityWeb security
Web security
dogangcr
 
DEF CON 31 Demo Labs 2023: Abusing Microsoft SQL Server with SQLRecon
DEF CON 31 Demo Labs 2023: Abusing Microsoft SQL Server with SQLReconDEF CON 31 Demo Labs 2023: Abusing Microsoft SQL Server with SQLRecon
DEF CON 31 Demo Labs 2023: Abusing Microsoft SQL Server with SQLRecon
Sanjiv Kawa
 
SQL Injection Attacks: Is Your Data Secure? .NET Edition
SQL Injection Attacks: Is Your Data Secure? .NET EditionSQL Injection Attacks: Is Your Data Secure? .NET Edition
SQL Injection Attacks: Is Your Data Secure? .NET Edition
Bert Wagner
 
Secure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopSecure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa Workshop
Paul Ionescu
 
Top Ten Java Defense for Web Applications v2
Top Ten Java Defense for Web Applications v2Top Ten Java Defense for Web Applications v2
Top Ten Java Defense for Web Applications v2
Jim Manico
 
KoprowskiT_SQLSatHolland_SQLServerSecurityInTheCloud
KoprowskiT_SQLSatHolland_SQLServerSecurityInTheCloudKoprowskiT_SQLSatHolland_SQLServerSecurityInTheCloud
KoprowskiT_SQLSatHolland_SQLServerSecurityInTheCloud
Tobias Koprowski
 
MS Innovation Day: A Lap Around Web Application Vulnerabilities by MVP Walter...
MS Innovation Day: A Lap Around Web Application Vulnerabilities by MVP Walter...MS Innovation Day: A Lap Around Web Application Vulnerabilities by MVP Walter...
MS Innovation Day: A Lap Around Web Application Vulnerabilities by MVP Walter...
Quek Lilian
 
Securing your azure web app with asp.net core data protection
Securing your azure web app with asp.net core data protectionSecuring your azure web app with asp.net core data protection
Securing your azure web app with asp.net core data protection
Mike Melusky
 

Similar to Securing you SQL Server (20)

SqlSa94
SqlSa94SqlSa94
SqlSa94
 
SQL Server Security and Intrusion Prevention
SQL Server Security and Intrusion PreventionSQL Server Security and Intrusion Prevention
SQL Server Security and Intrusion Prevention
 
Sql server security in an insecure world
Sql server security in an insecure worldSql server security in an insecure world
Sql server security in an insecure world
 
Security Training: #4 Development: Typical Security Issues
Security Training: #4 Development: Typical Security IssuesSecurity Training: #4 Development: Typical Security Issues
Security Training: #4 Development: Typical Security Issues
 
Racf psw enhancement
Racf psw enhancementRacf psw enhancement
Racf psw enhancement
 
Understanding and preventing sql injection attacks
Understanding and preventing sql injection attacksUnderstanding and preventing sql injection attacks
Understanding and preventing sql injection attacks
 
OWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptxOWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptx
 
SQLi for Security Champions
SQLi for Security ChampionsSQLi for Security Champions
SQLi for Security Champions
 
SQL Injection Attacks - Is Your Data Secure? GroupBy Conference
SQL Injection Attacks - Is Your Data Secure? GroupBy ConferenceSQL Injection Attacks - Is Your Data Secure? GroupBy Conference
SQL Injection Attacks - Is Your Data Secure? GroupBy Conference
 
SQL Injection Attacks cs586
SQL Injection Attacks cs586SQL Injection Attacks cs586
SQL Injection Attacks cs586
 
SQL Injection Attacks - Is Your Data Secure? SQL Saturday Rochester
SQL Injection Attacks - Is Your Data Secure? SQL Saturday Rochester SQL Injection Attacks - Is Your Data Secure? SQL Saturday Rochester
SQL Injection Attacks - Is Your Data Secure? SQL Saturday Rochester
 
Web security
Web securityWeb security
Web security
 
Windows network
Windows networkWindows network
Windows network
 
DEF CON 31 Demo Labs 2023: Abusing Microsoft SQL Server with SQLRecon
DEF CON 31 Demo Labs 2023: Abusing Microsoft SQL Server with SQLReconDEF CON 31 Demo Labs 2023: Abusing Microsoft SQL Server with SQLRecon
DEF CON 31 Demo Labs 2023: Abusing Microsoft SQL Server with SQLRecon
 
SQL Injection Attacks: Is Your Data Secure? .NET Edition
SQL Injection Attacks: Is Your Data Secure? .NET EditionSQL Injection Attacks: Is Your Data Secure? .NET Edition
SQL Injection Attacks: Is Your Data Secure? .NET Edition
 
Secure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopSecure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa Workshop
 
Top Ten Java Defense for Web Applications v2
Top Ten Java Defense for Web Applications v2Top Ten Java Defense for Web Applications v2
Top Ten Java Defense for Web Applications v2
 
KoprowskiT_SQLSatHolland_SQLServerSecurityInTheCloud
KoprowskiT_SQLSatHolland_SQLServerSecurityInTheCloudKoprowskiT_SQLSatHolland_SQLServerSecurityInTheCloud
KoprowskiT_SQLSatHolland_SQLServerSecurityInTheCloud
 
MS Innovation Day: A Lap Around Web Application Vulnerabilities by MVP Walter...
MS Innovation Day: A Lap Around Web Application Vulnerabilities by MVP Walter...MS Innovation Day: A Lap Around Web Application Vulnerabilities by MVP Walter...
MS Innovation Day: A Lap Around Web Application Vulnerabilities by MVP Walter...
 
Securing your azure web app with asp.net core data protection
Securing your azure web app with asp.net core data protectionSecuring your azure web app with asp.net core data protection
Securing your azure web app with asp.net core data protection
 

Recently uploaded

Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
Alex Pruden
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Enhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZEnhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZ
Globus
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
Vlad Stirbu
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
UiPathCommunity
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 

Recently uploaded (20)

Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Enhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZEnhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZ
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 

Securing you SQL Server

  • 2. Securing your SQL Server Gabriel Villa email: [email_address] blog: www.extofer. com twitter: @extofer # 66
  • 3.
  • 4.
  • 5. # 66 “ Yes, I am a criminal. My crime is that of curiosity... My crime is that of outsmarting you, something that you will never forgive me for.” - The Mentor Written January 8, 1986
  • 6.
  • 8.
  • 9.
  • 10.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.