Radical Development

Technical Without the Technicalities

Down In The Weeds With sqlmap

Here I plan to take a look at sqlmap and the capabilities that it provides in order to identify weakness in security so that this weakness can be addressed before a breach occurs. The tool sqlmap, like many tools, can be used for both good and bad depending upon the role of the individual. I approach this tool as a mechanism to perform penetration testing in order to uncover the vulnerabilities that otherwise may go unnoticed. If you are not sure what sqlmap is, the best way I can define this tool is that it is an open source penetration … Continue reading

Attacking A Database With SQL Ninja

I find it absolutely amazing that SQL injection is still a large problem when it comes to application security. The fact is this type of injection attack is not overly difficult to mitigate; rather, the fact is many developers do not understand the inherent flaws they inject into an application. The purpose of this post is both to educate and to introduce a great tool named SQL Ninja, which is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote access on the vulnerable … Continue reading

August 2012: .NET SQL Server Database Code Snippets

How many times have you looked for a piece of code you’ve written in the past? You probably search high and low on your hard drive, scouring through past projects and code files. Or maybe you’ve tried searching your source code control repository with unsuccessful results. How much time do you waste looking for a particular routine only to not find it, which then causes you to rewrite the routine all over again? Let’s face it, as developers we beg, borrow, and steal as much code as we can in order to get our jobs done as quickly as possible. … Continue reading

Product Review: Devart dbForge Schema Compare

Database change management provides a set of tools which make the process of propagating database schema and data changes to multiple environments effortless. The problem that Database Change Management is attempting to solve: Most significant business applications rely on at least one relational database for persisting data. As new features are developed, database schema changes are often necessary – i.e. new tables, columns, views, and stored procedures. Database schema changes and corresponding code changes must always be deployed together. Successful database change management requires that a consistent process be applied by all team members. Without a consistent process than the … Continue reading

Database Security

Databases are the core targets for hackers and they can be a source of vengeance when it comes to disgruntled employees. In this case, the Human Resources (HR) group has requirements to house data that are used across the corporation from management to the level of employees, which requires numerous security considerations. Traditionally access control has been performed at the application level within code; however, if a database accounts properly for access control, the value of this level of control begins to take shape. The workflow demonstrated in figure 1 provides the needed foundation to address interfaces, enforcement, and access … Continue reading

Security Development Lifecycle: SQL Injection Attacks

In an earlier post titled Security Development Lifecycle: Introduction I began introducing what the Security Development Lifecycle (SDL) represents, and as I continue this series I will focus on the SDL model that Microsoft has so graciously provided to the community. Introduction In part 2 of this series I want to focus on SQL Injection, and for those of you just getting started it is important to understand what a SQL Injection attack is. Here is what Microsoft has stated: SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance … Continue reading