talk-data.com


Activities & events

Title & Speakers Event
All About SQL Injection 2024-04-17 · 22:00

Please join us on 17th April 2024 to listen to the topic: All About SQL Injection

What ~ Toronto Data Professionals Community (Virtual)
When ~ Wednesday 17th April 2024

Agenda:

  • 6:00 PM Networking and Introduction
  • 6:15 PM Topic: All About SQL Injection with Ed Pollack
  • 7:30 PM End

Where: Online via Microsoft Teams

Session Details: SQL injection has consistently ranked as one of the top security threats in software development. Businesses have experienced massive data breaches and have even been forced to close as a result of security holes related to SQL injection. Proactive solutions are key to preventing SQL injection and ensuring that hackers don't see your application as an easy target. We will demonstrate common mistakes that lead to SQL injection and a variety of ways which can safeguard our data against attacks. While illustrating the ways in which hackers probe and attack our systems, we will show that SQL injection is not only the result of bad TSQL, but also bad code. By securing our data from the application and database tiers, we can greatly decrease their attractiveness to hackers and prevent attacks that could cripple a business permanently.

Speaker Bio: Ed Pollack is a Microsoft Data Platform MVP with a passion for learning how the Microsoft Data Platform works and sharing that knowledge with the community. His experiences in data architecture, database design, performance optimization, and data security are motivation for public speaking, writing, coding, and other community activities. Ed has spoken at SQL Saturday events, SQL Bits, PASS Summit, EightKB, and many other regional and international events. Ed is the organizer of the Capital Area SQL Server Group and SQL Saturday Albany, as well as a co-organizer of SQL Saturday New York City, and Future Data Driven. He has published a number of books, including "Dynamic SQL: Applications, Performance, and Security in Microsoft SQL Server", "Expert Performance Indexing in Azure SQL and SQL Server 2022", and "Analytics Optimization with Columnstore Indexes in Microsoft SQL Server: Optimizing OLAP Workloads". Ed is also an active contributor of content to SimpleTalk. In his free time, Ed enjoys video games, traveling, cooking exceptionally spicy foods, and hanging out with his amazing wife and sons.

All About SQL Injection
Edward Pollack – author

This book is an introduction and deep-dive into the many uses of dynamic SQL in Microsoft SQL Server. Dynamic SQL is key to large-scale searching based upon user-entered criteria. It's also useful in generating value-lists, in dynamic pivoting of data for business intelligence reporting, and for customizing database objects and querying their structure. Executing dynamic SQL is at the heart of applications such as business intelligence dashboards that need to be fluid and respond instantly to changing user needs as those users explore their data and view the results. Yet dynamic SQL is feared by many due to concerns over SQL injection attacks.

Reading Dynamic SQL: Applications, Performance, and Security is your opportunity to learn and master an often misunderstood feature, including security and SQL injection. All aspects of security relevant to dynamic SQL are discussed in this book. You will learn many ways to save time and develop code more efficiently, and you will practice directly with security scenarios that threaten companies around the world every day. Dynamic SQL: Applications, Performance, and Security helps you bring the productivity and user-satisfaction of flexible and responsive applications to your organization safely and securely. Your organization's increased ability to respond to rapidly changing business scenarios will build competitive advantage in an increasingly crowded and competitive global marketplace.

  • Discusses many applications of dynamic SQL, both simple and complex.
  • Explains each example with demos that can be run at home and on your laptop.
  • Helps you to identify when dynamic SQL can offer superior performance.
  • Pays attention to security and best practices to ensure safety of your data.

What You Will Learn:

  • Build flexible applications that respond fast to changing business needs.
  • Take advantage of unconventional but productive uses of dynamic SQL.
  • Protect your data from attack through best-practices in your implementations.
  • Know about SQL Injection and be confident in your defenses against it.
  • Run at high performance by optimizing dynamic SQL in your applications.
  • Troubleshoot and debug dynamic SQL to ensure correct results.

Who This Book is For:

Dynamic SQL: Applications, Performance, and Security is for developers and database administrators looking to hone and build their T-SQL coding skills. The book is ideal for advanced users wanting to plumb the depths of application flexibility and troubleshoot performance issues involving dynamic SQL. The book is also ideal for beginners wanting to learn what dynamic SQL is about and how it can help them deliver competitive advantage to their organizations.

data data-engineering relational-databases microsoft-sql-server BI Microsoft Cyber Security SQL SQL Server
O'Reilly Data Engineering Books
Event O'Reilly SQL Books 2010-06-25
Bill Karwin – author

Bill Karwin has helped thousands of people write better SQL and build stronger relational databases. Now he's sharing his collection of antipatterns--the most common errors he's identified in those thousands of requests for help. Most developers aren't SQL experts, and most of the SQL that gets used is inefficient, hard to maintain, and sometimes just plain wrong. This book shows you all the common mistakes, and then leads you through the best fixes. What's more, it shows you what's behind these fixes, so you'll learn a lot about relational databases along the way. Each chapter in this book helps you identify, explain, and correct a unique and dangerous antipattern. The four parts of the book group the antipatterns in terms of logical database design, physical database design, queries, and application development. The chances are good that your application's database layer already contains problems such as Index Shotgun, Keyless Entry, Fear of the Unknown, and Spaghetti Query. This book will help you and your team find them. Even better, it will also show you how to fix them, and how to avoid these and other problems in the future. SQL Antipatterns gives you a rare glimpse into an SQL expert's playbook. Now you can stamp out these common database errors once and for all. Whatever platform or programming language you use, whether you're a junior programmer or a Ph.D., SQL Antipatterns will show you how to design and build databases, how to write better database queries, and how to integrate SQL programming with your application like an expert. You'll also learn the best and most current technology for full-text search, how to design code that is resistant to SQL injection attacks, and other techniques for success.

SQL RDBMS

SQL Injection Attacks and Defense, First Edition: Winner of the Best Book Bejtlich Read Award

"SQL injection is probably the number one problem for any server-side application, and this book is unequaled in its coverage." –Richard Bejtlich, Tao Security blog

SQL injection represents one of the most dangerous and well-known, yet misunderstood, security vulnerabilities on the Internet, largely because there is no central repository of information available for penetration testers, IT security consultants and practitioners, and web/software developers to turn to for help. SQL Injection Attacks and Defense, Second Edition is the only book devoted exclusively to this long-established but recently growing threat. This is the definitive resource for understanding, finding, exploiting, and defending against this increasingly popular and particularly destructive type of Internet-based attack.

SQL Injection Attacks and Defense, Second Edition includes all the currently known information about these attacks and significant insight from its team of SQL injection experts, who tell you about:

  • Understanding SQL Injection – Understand what it is and how it works
  • Find, confirm and automate SQL injection discovery
  • Tips and tricks for finding SQL injection within code
  • Create exploits for using SQL injection
  • Design apps to avoid the dangers of these attacks
  • SQL injection on different databases
  • SQL injection on different technologies
  • SQL injection testing techniques
  • Case Studies

  • Securing SQL Server, Second Edition is the only book to provide a complete understanding of SQL injection, from the basics of vulnerability to discovery, exploitation, prevention, and mitigation measures
  • Covers unique, publicly unavailable information, by technical experts in such areas as Oracle, Microsoft SQL Server, and MySQL, including new developments for Microsoft SQL Server 2012 (Denali)
  • Written by an established expert, author, and speaker in the field, with contributions from a team of equally renowned creators of SQL injection tools, applications, and educational materials

SQL Microsoft MySQL Oracle Cyber Security SQL Server

Winner of the Best Book Bejtlich Read in 2009 award!

"SQL injection is probably the number one problem for any server-side application, and this book is unequaled in its coverage." Richard Bejtlich, http://taosecurity.blogspot.com/

SQL injection represents one of the most dangerous and well-known, yet misunderstood, security vulnerabilities on the Internet, largely because there is no central repository of information to turn to for help. This is the only book devoted exclusively to this long-established but recently growing threat. It includes all the currently known information about these attacks and significant insight from its contributing team of SQL injection experts.

  • What is SQL injection? Understand what it is and how it works
  • Find, confirm, and automate SQL injection discovery
  • Discover tips and tricks for finding SQL injection within the code
  • Create exploits using SQL injection
  • Design to avoid the dangers of these attacks

SQL Cyber Security