Hacking SQL Server

In this presentation at the Jacksonville SQL Server Users Group, Bayer White playS the part of a developer protecting his application and Brian Knight attempts to hack his application using SQL Injection and cross-site scripting. Then, Bayer will show you how to protect yourself from the hacker and then Brian tries again. Back and forth the chess match goes until someone wins!

Owner of Pragmatic Works :: Brian Knight, SQL Server MVP, MCSE, MCDBA, is the co-founder of Jumpstart TV and SQLServerCentral.com. Brian has written and co-written 9 technical books. Brian has spoken at conferences like PASS, TechEd and Connections. Brian develops solutions with Pragmatic Works to migrate DTS packages to SSIS.

Rick Stein on 9/15/2008

Went a bit fast.

pepe on 10/1/2008

excellent

Paul Kirkham on 10/7/2008

What an eye opener. Great info.

Rahul Sharma on 10/17/2008

Greate video...

rf2008 on 10/17/2008

on watching this video, it is clear that not only hacker can hack but also people with limited ability can hack.

jayant on 10/20/2008

best one thanks a lot...

7727CACFEB on 10/28/2008

Excellent, learn a lot about sql injection and how to hack.

borjonx on 11/11/2008

the guy hacking is pompous & a bit snooty. even still tho, this is one of the best demo's of it's kind I've ever seen, and I've been watching for about 7 years.

Brian Knight on 11/12/2008

:) I'm the pompous guy in the video. It was an act Bayer and I used for the session to smack talk back and forth to make it more interesting but I can totally see where you got that impression from.

Luis Sayegh on 11/20/2008

Good video! Excellent... Thank a lot Brian

rf2008 on 11/21/2008

:) had to smile on brian's commet, thought it funny, also glad to see a very talented guy answering to comments on fedback. sql is good, only for the right reasons, not hacking. rf2008

Vinay Bhushan on 12/2/2008

This Video was brilliently done, Need to protect my site now.

Lars Mikkelsen on 12/3/2008

Great video - it taught me a couple of new methods to protect the sites I create.

James Young on 12/3/2008

Hi Guys, thank you very much for putting this up on the web, I have had some sort of an attack on one of my sites with a MS SQL backend so I am working on preventing it happening again. There is a lot of information in this video and I shall have to watch it several times to absorb it all. Regards James

33FFBFECC5 on 12/8/2008

Good one

Bill Kearson on 12/30/2008

Great job. I need to check my websites. Where on JumpstartTV are the scripts and source code found?

John Echo on 1/1/2009

I could not find the slide nor the documents mentioned in this video

Pete Williams on 1/6/2009

Great topic. I really appreciate the examples provided.

Jay on 1/7/2009

Good stuff. But please please stop saying "right now I'm going to go ahead and....." it is cringeworthy outside of the USA. "I will..." is sufficient :)

Daniel Jordan on 3/2/2009

I learned that I have a lot to learn.

Paul Tormey on 3/10/2009

Well done. Is it possible to get the detail in a document that we can go through to understand exactly what you were doing? You can contact me on paultormey@gmail.com

Chacha on 3/26/2009

Excellent. Need also to tell to developers not to use KeyID (that may be exposed to users) only to update user data.

Marcus Hopfinger on 9/18/2009

Must watch for DBAs and security people AND developers as well so they know how to build better code.

Manish Sharma on 9/30/2009

I have note down maximum things from the presentation, But it would be very helpful if I get the PPT or some documentation.

Marcel Roesink on 1/13/2010

Very usefull for starting developers (students) that have to learn SQL and web-development.

Nuh on 1/21/2010

Very Nice, keep going

Nuh on 2/16/2010

Actually this type of weak shells are used very very rarely, people are smart now, but I do agree that there are till now 100's of site weak enough to be valn'ed by BSI. Nicely presented, but abit fast.

Mike on 4/27/2010

This was very helpful for me. Thanks.

Sarabpreet Singh on 5/1/2010

Gud One ;) Excellent