Pete Finnigan's SQL Server Security Blog
Pete Finnigan's blog is dedicated to SQL Server Security.
Pete Finnigan, pete@petefinnigan.com
Copyright PeteFinnigan.com Ltd 2007, All rights reserved. All trademarks are the property of their respective owners and are hereby acknowledged.
Updated: 2023-12-13T09:59:10Z

Time based blind SQL Injection
<p>Yesterday I got an email from Chema Alonso to tell me about his recent paper "Time-Based Blind SQL Injection with Heavy Queries". This is an excellent summary paper of the technique and includes an example of how writing....<a href="http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000009.htm">[Read More]</a></p>
<p>Posted by Pete On 16/10/07 At 10:16 AM</p>

SQL Injection cheat sheet
<p>Today I found a nice SQL Injection cheat sheet for MS SQL Server, MySQL, PostgreSQL and Oracle. The paper is quite comprehensive and covers a good spread of types of SQL injection attacks. It's also quite good that it tries....<a href="http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000008.htm">[Read More]</a></p>
<p>Posted by Pete On 03/10/07 At 10:00 AM</p>

SQL Injection, Are Your Web Applications Vulnerable?
<p>SQL Injection, Are Your Web Applications Vulnerable? - by SPI Dynamics "SQL injection is a technique for exploiting web applications that use client-supplied data in SQL queries without stripping potentially harmful characters first. Despite being remarkably simple to protect against....<a href="http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000007.htm">[Read More]</a></p>
<p>Posted by Pete On 12/12/06 At 09:05 PM</p>

Chip Andrews SQL lock down script
<p>Well, it's been some time since I have written on this SQL Server blog. I have been very busy of late but I am planning to try and keep this blog more up to date from now on. I have....<a href="http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000006.htm">[Read More]</a></p>
<p>Posted by Pete On 19/06/06 At 05:48 PM</p>

WebGoat an excellent application for testing web security
<p>Few people have open access to full-blown web-based business applications that they can use to practice all manner of web-based attacks. The Open Web Application Security Project has created a full J2EE web application called WebGoat that....<a href="http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000005.htm">[Read More]</a></p>
<p>Posted by Pete On 10/10/05 At 10:42 PM</p>

David Litchfield has a good paper on SQL Injection methods
<p>David Litchfield has a good new paper out titled "Data-Mining With SQL Injection and Inference" which talks about the methods for extracting data from a database when it's not possible to get the data back through the same....<a href="http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000004.htm">[Read More]</a></p>
<p>Posted by Pete On 10/10/05 At 10:26 PM</p>

FreeTDS an implementation of SQL Server and Sybase TDS protocol libraries
<p>I was searching for interesting SQL Server security stuff to look for and found out that the network protocol is called TDS (Tabular Data Stream) - well actually I knew that already. I wanted to know if there are any....<a href="http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000003.htm">[Read More]</a></p>
<p>Posted by Pete On 06/10/05 At 10:06 PM</p>

Dave Campbell Keynote at SQL PASS
<p>I came across Don Kiely's post to his blog called "Dave Campbell Keynote at SQL PASS" which talks about David Campbell's keynote at SQL PASS which talks about moving to SQL Server 2005 and one of the key....<a href="http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000002.htm">[Read More]</a></p>
<p>Posted by Pete On 01/10/05 At 10:30 PM</p>