SQL Security Revisited
Offered By: Black Hat via YouTube
Course Description
Overview
Explore SQL security vulnerabilities and best practices in this Black Hat USA 2001 conference talk by Chip Andrews. Delve into the SQL Server security framework, authentication modes, and roles. Learn about C2 level auditing and other SQL 2000 security features. Examine common attack vectors, including target acquisition methods, SQL scanning techniques, and account acquisition strategies. Understand the risks of source code disclosure and privilege escalation. Discover defensive measures to protect against SQL attacks. Gain insights into the scope and impact of SQL injection, with live demonstrations and practical examples. Master advanced SQL injection tricks to enhance your understanding of database security threats and countermeasures.
Syllabus
Intro
Presentation Outline
Presence
Security Framework
Net Libraries
SQL Server Service Context
SQL Server Security Modes (cont.)
Good Idea - What's the problem? • Microsoft recommends Windows Authentication Mode
Mode Guidelines
SQL Server Roles
C2 Level Auditing
Some Other SQL 2K Goodies
The Bad
Target Acquisition
Newsgroups
SQL Scanning
Broadcast Discovery
SQL Server Discovery
SQL Ping Utility
Account Acquisition (cont.)
Source Code Disclosure
Privilege Escalation (cont.)
Other Potential Pitfalls
They're in - Now What?
Your Defenses
Section 2 Conclusion
The Ugly
Scope of SQL Injection
SQL Injection Example 2
Live Demonstration
SQL Injection Samples
SQL Injection - Tricks
Taught by
Black Hat
Related Courses
Inglés Empresarial: Finanzas y EconomíaArizona State University via Coursera Business English: Finance and Economics
Arizona State University via Coursera 商务英语课程:财经英语 Finance & Economics
Arizona State University via Coursera Securing Data in Azure and SQL Server
Microsoft via edX Budgeting and Finance for Public Libraries
University of Michigan via edX