SEARCH RESULTS
 
Showing 1-10 of 221 records
 
SQL Server - Fact Checking Recent Vulnerability History

2008-03-05 22:53:36 by jrjones in Jeff Jones Security Blog
 
...SQL Server had "... most vulnerabilities last year of any commercial database..." That is a big error, though it may be a misquote or a miscommunication. Certainly, if you go look at the current version of the original article, the incorrect statement has been removed. However, given that as of today, some versions of the article containing...
 
 
 
 
 
Giving SQL Injection the Respect it Deserves

2008-05-15 18:45:00 by sdl in The Security Development Lifecycle
 
...SQL injection attack. The malicious SQL payload is very well designed, somewhat database schema agnostic and generic so it could compromise as many database servers as possible. While the attack was a SQL injection attack that attacked and compromised back-end databases courtesy of vulnerable Web pages, from a user's perspective the real...
 
 
 
 
 
New Security Tools for IIS and SQL

2008-06-25 21:45:45 by jrjones in Jeff Jones Security Blog
 
...SQL injection attacks UrlScan 3.0 Beta (see Wade Hilmo's blog for more), a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) will process. By blocking specific HTTP requests, the UrlScan helps prevent potentially harmful requests Microsoft Source Code Analyzer for SQL Injection (MSCASI) CTP (...
 
 
 
 
 
Smells Like a Copycat SQL Injection In the Wild

2008-07-28 05:51:23 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...SQL injections, that as a matter of fact remain ongoing, copycats taking advantage of the very same SQL injection tools using public search engine's indexes as reconnaissance tools, are also starting to take advantage of localized and targeted attacks, attacking specific online communities. Among these is mx.content-type.cn /day.js using...
 
 
 
 
 
SQL Injection Defense Tools

2008-06-24 16:43:00 by sdl in The Security Development Lifecycle
 
...SQL injection defense guidelines. The SDL requires guidance and education for end-users, and tools to verify security settings are highly recommended, as defined in "Stage 5: Implementation Phase: Creating Documentation and Tools for Users that Address Security and Privacy". Today, Microsoft is releasing two new SQL injection defense and...
 
 
 
 
 
Obfuscating Fast-fluxed SQL Injected Domains

2008-07-17 15:31:06 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...SQL injection campaign. Consider the following examples of obfuscated domains, naturally being in a fast-flux in the time of the SQL injection that several Chinese script kiddies were taking advantage of 6b%6b%36%2e%75%73 - kk6.us 73%61%79%38%2E%75%73 - s.see9.us 66%75%63%6B%75%75%2E%75%73 - fuckuu.us 61%2E%6B%61%34%37%2E%75%73 - a.ka47.us...
 
 
 
 
 
Tips for scheduling and testing SQL Server backups

2008-04-01 13:43:35 by Heidi Sweeney in WhatIs: Enterprise IT tips and expert advice
 
Whether you're using SQL Server or SQL Server Express Edition, these tips for scheduling backups will lead you to a successful restore. You'll learn how to schedule backups in SQL Server via the SQL Server Agent and in SQL Server Express using Windows Task Scheduler. SQL Server expert Denny Cherry also shares how to test and secure your backups
 
 
 
 
 
SQL injection compromises MLSgear.com customer information

2008-02-11 09:27:06 by Evan Francen in The Breach Blog
 
...SQL injection attacks carried out on the MLSgear.com web site between January and August, 2007 Reference URL The New Hampshire State Attorney General breach notification Computerworld online story PogoWasRight.org report Report Credit The New Hampshire State Attorney General Response From the online sources cited above It has recently...
 
 
 
 
 
Secure SQL Server from SQL injection attacks

2008-06-26 11:48:22 by Denny Cherry in WhatIs: Enterprise IT tips and expert advice
 
Did you know that any Web application using dynamic SQL is at risk for a SQL injection attack? It's one of the most common security risks for Internet-facing SQL Server databases. In this tip, you'll learn how SQL injection works and get precise steps to protect against attacks