Developers, DBAs, and anyone else responsible for writing or maintaining dynamic SQL queries.
SQL injection is one of the most common ways that hackers gain access to your SQL server. Do you know how to harden your queries and protect your data from malicious users?
This session will provide an overview of how SQL injection works and how to write injection-proof queries through a series of T-SQL demos. We’ll also take a look at why some commonly used techniques aren’t as secure as many people think.
If you ever write or maintain dynamic SQL queries, or work with developers who do, then this session is for you.
Why I Want to Present This Session:
The first time I saw a SQL injection attempt made against my server was around 2001. Injection vulnerabilities are fascinating because they’ve been around for so long, yet there isn’t really a one-size-fits-all solution to prevent them (besides not running dynamically generated code).
With what seems like a major data breach occurring each week (many due to SQL injection!), reviewing secure query writing best practices is more relevant than ever.
Latest posts by Bert Wagner
- SQL Injection Attacks: Is Your Data Secure? - November 27, 2017