Pete Finnigan's SQL Server Security Blog http://database-security.petefinnigan.com/sqlserver/weblog/entries Pete Finnigan's blog is dedicated to SQL Server Security. en-gb Copyright PeteFinnigan.com Ltd 2007, All rights reserved. All trademarks are the property of their respective owners and are hereby acknowledged 2009-11-20T20:10:46Z Pete Finnigan (mailto:webmaster\@petefinnigan.com) Pete Finnigan (mailto:pete\@petefinnigan.com) Pete Finnigan's blog is dedicated to SQL Server Security. Pete Finnigan's SQL Server Security Blog Pete Finnigan's SQL Server Security Blog http://web.petefinnigan.com/images/company_logo_1.gif http://database-security.petefinnigan.com/sqlserver/weblog/entries Time based blind SQL Injection http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000009.htm <p> Yesterday I got an email from Chema Alonso to tell me about his recent paper " Time-Based Blind SQL Injection with Heavy Queries ". This is an excellent summary paper of the technique and includes an example of how writing....<a href="http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000009.htm">[Read More]</a> </p> <p>Posted by Pete On 16/10/07 At 10:16 AM</p> SQL Injection cheat sheet http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000008.htm <p> Today I found a nice SQL Injection cheat sheet for MS SQL Server, MySQL, PostgeSQL and Oracle. The paper is quite comprehensive and covers a good spread of types of SQL injection attacks. Its also quite good that it tries....<a href="http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000008.htm">[Read More]</a> </p> <p>Posted by Pete On 03/10/07 At 10:00 AM</p> SQL Injection, Are Your Web Applications Vulnerable? http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000007.htm <p> SQL Injection, Are Your Web Applications Vulnerable? - by SPI Dynamics "SQL injection is a technique for exploiting web applications that use client-supplied data in SQL queries without stripping potentially harmful characters first. Despite being remarkably simple to protect against....<a href="http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000007.htm">[Read More]</a> </p> <p>Posted by Pete On 12/12/06 At 09:05 PM</p> Chip Andrews SQL lock down script http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000006.htm <p> Well its been some time since I have written on this SQL Server blog. I have been very busy of late but I am planning to try and keep this blog more up to date from now on. I have....<a href="http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000006.htm">[Read More]</a> </p> <p>Posted by Pete On 19/06/06 At 05:48 PM</p> WebGoat an excellent application for testing web security http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000005.htm <p> Few people have open access to full blown web based business applications that they can use to practice all manner of web based attacks. The Open Web Application Security Project has created a full J2EE web application called WebGoat that....<a href="http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000005.htm">[Read More]</a> </p> <p>Posted by Pete On 10/10/05 At 10:42 PM</p> David Litchfield has a good paper on SQL Injection methods http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000004.htm <p> David Litchfield has a good new paper out titled " Data-Mining With SQL Injection and Inference " which talks about the methods for extracting data from a database when its not possible to get the data back through the same....<a href="http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000004.htm">[Read More]</a> </p> <p>Posted by Pete On 10/10/05 At 10:26 PM</p> FreeTDS an implementation of SQL Server and Sybase TDS protocol libraries http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000003.htm <p> I was searching for interesting SQL Server security stuff to look for an found out that the network protocol is called TDS (Tabular Data Stream) - well actually I knew that already. I wanted to know if there are any....<a href="http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000003.htm">[Read More]</a> </p> <p>Posted by Pete On 06/10/05 At 10:06 PM</p> Dave Campbell Keynote at SQL PASS http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000002.htm <p> I came across Don Kiely's post to his blog called " Dave Campbell Keynote at SQL PASS " which talks about David Campbells keynote at SQL PASS which talks about moving to SQL Server 2005 and one of the key....<a href="http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000002.htm">[Read More]</a> </p> <p>Posted by Pete On 01/10/05 At 10:30 PM</p>