YoVDO

SQL Security Revisited

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, Cybersecurity Courses, SQL Injection Courses, Database Administration Courses, Auditing Courses, Privilege Escalation Courses

Course Description

Overview

Explore SQL security vulnerabilities and best practices in this Black Hat USA 2001 conference talk by Chip Andrews. Delve into the SQL Server security framework, authentication modes, and roles. Learn about C2 level auditing and other SQL 2000 security features. Examine common attack vectors, including target acquisition methods, SQL scanning techniques, and account acquisition strategies. Understand the risks of source code disclosure and privilege escalation. Discover defensive measures to protect against SQL attacks. Gain insights into the scope and impact of SQL injection, with live demonstrations and practical examples. Master advanced SQL injection tricks to enhance your understanding of database security threats and countermeasures.

Syllabus

Intro
Presentation Outline
Presence
Security Framework
Net Libraries
SQL Server Service Context
SQL Server Security Modes (cont.)
Good Idea - What's the problem? (Microsoft recommends Windows Authentication Mode)
Mode Guidelines
SQL Server Roles
C2 Level Auditing
Some Other SQL 2K Goodies
The Bad
Target Acquisition
Newsgroups
SQL Scanning
Broadcast Discovery
SQL Server Discovery
SQL Ping Utility
Account Acquisition (cont.)
Source Code Disclosure
Privilege Escalation (cont.)
Other Potential Pitfalls
They're in - Now What?
Your Defenses
Section 2 Conclusion
The Ugly
Scope of SQL Injection
SQL Injection Example 2
Live Demonstration
SQL Injection Samples
SQL Injection - Tricks


Taught by

Black Hat
