Posts

SQL Server Row- and Cell-Level Security – Disclosure vulnerability

It’s time for another post on security matters. And through a forum-thread on data-driven security by the means of views using the IS_MEMBER(), USER_NAME(), SUSER_SNAME() – functions, I came up with the idea of giving a short example how such constructs can easily be circumvented and the protected/hidden data become disclosed, when not being secured […]

Security-Session: “SQL Server under Attack” this November @ SQL Rally Amsterdam

Alright, this is going to be the by far most active year in terms of speaking at international conferences: After 6 conferences last year, including SQL Rally Nordic, which I really liked a lot, I had to decide between SQL Rally Nordic again or SQL Rally Amsterdam or even both.

Security Session „SQL Attack..ed“ – Attack scenarios on SQL Server (“Hacking SQL Server”)

At this year’s SQLSaturday in Germany I have shown one of my sessions again, in which I concentrate on “attack”. For me a great opportunity to dive deep into SQL Server Security and several penetration-test-tool, and to explore SQL Server for pitfalls and security configuration. At the end I had a long list of possible […]