Pete Finnigan's SQL Server Security Blog
Pete Finnigan's blog is dedicated to SQL Server Security.
Pete Finnigan pete@petefinnigan.com
Copyright PeteFinnigan.com Ltd 2007, All rights reserved. All trademarks are the property of their respective owners and are hereby acknowledged
Generator: XML::Atom::SimpleFeed
Updated: 2009-11-20T20:10:46Z

Time based blind SQL Injection
<p> Yesterday I got an email from Chema Alonso to tell me about his recent paper "Time-Based Blind SQL Injection with Heavy Queries". This is an excellent summary paper of the technique and includes an example of how writing....<a href="http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000009.htm">[Read More]</a> </p>
<p>Posted by Pete On 16/10/07 At 10:16 AM</p>

SQL Injection cheat sheet
<p> Today I found a nice SQL Injection cheat sheet for MS SQL Server, MySQL, PostgreSQL and Oracle. The paper is quite comprehensive and covers a good spread of types of SQL injection attacks. It's also quite good that it tries....<a href="http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000008.htm">[Read More]</a> </p>
<p>Posted by Pete On 03/10/07 At 10:00 AM</p>

SQL Injection, Are Your Web Applications Vulnerable?
<p> SQL Injection, Are Your Web Applications Vulnerable? - by SPI Dynamics "SQL injection is a technique for exploiting web applications that use client-supplied data in SQL queries without stripping potentially harmful characters first. Despite being remarkably simple to protect against....<a href="http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000007.htm">[Read More]</a> </p>
<p>Posted by Pete On 12/12/06 At 09:05 PM</p>

Chip Andrews SQL lock down script
<p> Well, it's been some time since I have written on this SQL Server blog. I have been very busy of late but I am planning to try and keep this blog more up to date from now on. I have....<a href="http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000006.htm">[Read More]</a> </p>
<p>Posted by Pete On 19/06/06 At 05:48 PM</p>

WebGoat an excellent application for testing web security
<p> Few people have open access to full blown web based business applications that they can use to practice all manner of web based attacks. The Open Web Application Security Project has created a full J2EE web application called WebGoat that....<a href="http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000005.htm">[Read More]</a> </p>
<p>Posted by Pete On 10/10/05 At 10:42 PM</p>

David Litchfield has a good paper on SQL Injection methods
<p> David Litchfield has a good new paper out titled "Data-Mining With SQL Injection and Inference" which talks about the methods for extracting data from a database when it's not possible to get the data back through the same....<a href="http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000004.htm">[Read More]</a> </p>
<p>Posted by Pete On 10/10/05 At 10:26 PM</p>

FreeTDS an implementation of SQL Server and Sybase TDS protocol libraries
<p> I was searching for interesting SQL Server security stuff to look for and found out that the network protocol is called TDS (Tabular Data Stream) - well actually I knew that already. I wanted to know if there are any....<a href="http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000003.htm">[Read More]</a> </p>
<p>Posted by Pete On 06/10/05 At 10:06 PM</p>

Dave Campbell Keynote at SQL PASS
<p> I came across Don Kiely's post to his blog called "Dave Campbell Keynote at SQL PASS" which talks about David Campbell's keynote at SQL PASS which talks about moving to SQL Server 2005 and one of the key....<a href="http://database-security.petefinnigan.com/sqlserver/weblog/archives/00000002.htm">[Read More]</a> </p>
<p>Posted by Pete On 01/10/05 At 10:30 PM</p>