Radical Development

November 2, 2012
by Steven Swafford

Attacking A Database With SQL Ninja

I find it absolutely amazing that SQL injection is still a large problem when it comes to application security. This type of injection attack is not overly difficult to mitigate; rather, many developers do not understand the inherent flaws they inject into an application. The purpose of this post is both to educate and to introduce a great tool named SQL Ninja, a tool targeted at exploiting SQL injection vulnerabilities in a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide remote access on the vulnerable …

August 7, 2012
by Steven Swafford

August 2012: .NET SQL Server Database Code Snippets

How many times have you looked for a piece of code you’ve written in the past? You probably search high and low on your hard drive, scouring through past projects and code files. Or maybe you’ve tried searching your source code control repository with unsuccessful results. How much time do you waste looking for a particular routine only to not find it, which then causes you to rewrite the routine all over again? Let’s face it, as developers we beg, borrow, and steal as much code as we can in order to get our jobs done as quickly as possible. …

May 23, 2012
by Steven Swafford

Product Review: Devart dbForge Schema Compare

Database change management provides a set of tools which make the process of propagating database schema and data changes to multiple environments effortless. The problem that database change management is attempting to solve:

- Most significant business applications rely on at least one relational database for persisting data.
- As new features are developed, database schema changes are often necessary, i.e. new tables, columns, views, and stored procedures.
- Database schema changes and corresponding code changes must always be deployed together.

Successful database change management requires that a consistent process be applied by all team members. Without a consistent process, then the …

September 7, 2011
by Steven Swafford

Database Security

Databases are the core targets for hackers, and they can be a source of vengeance when it comes to disgruntled employees. In this case, the Human Resources (HR) group has requirements to house data that is used across the corporation, from management down to the level of individual employees, which requires numerous security considerations. Traditionally, access control has been performed at the application level, within code; however, if a database properly accounts for access control, the value of this level of control begins to take shape. The workflow demonstrated in figure 1 provides the needed foundation to address interfaces, enforcement, and access …

April 27, 2011
by Steven Swafford

Security Development Lifecycle: SQL Injection Attacks

In an earlier post titled Security Development Lifecycle: Introduction, I began introducing what the Security Development Lifecycle (SDL) represents, and as I continue this series I will focus on the SDL model that Microsoft has so graciously provided to the community.

Introduction

In part 2 of this series I want to focus on SQL injection, and for those of you just getting started it is important to understand what a SQL injection attack is. Here is what Microsoft has stated: SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance …
