ZDNet Resources
- News to know: Psystar; IT Dojo; Microsoft moral; SQL Injection attacks; Ubuntu
- Notable headlines: David Morgenstern: Is Psystar Mac clone using the Kalyway boot hack? IT Dojo: Create your own bootable USB flash drive for Windows XP. Mary Jo Foley: Microsoft internal memo details Windows 7-Windows Live ties. Another reason...
- Tags: Ubuntu, Google Inc., Larry Dignan, Information Technology, Microsoft Office, Yahoo! Inc., SQL, Microsoft Corp., SQL Injection, Microsoft Windows, Microsoft Windows XP, Operating Systems, Strategy, Software, Management
- Blog posts 2008-04-29
- Developers at fault? SQL Injection attacks lead to wide-spread compromise of IIS servers
- Ah yes, the technology me-too's making the most basic of errors. On a less dangerous level, if you look at the HTML & CSS source of web sites, the most appallingly written ones are most often on IIS. This is...
- Tags: SECURITY, Microsoft IIS Server, SQL injection, HTML, CSS, SQL, Microsoft Corp., server
- Discussion threads 2008-04-28
- Developers at fault? SQL Injection attacks lead to wide-spread compromise of IIS servers
- There's been a lot of noise and violent thrashing over the last couple days regarding a flaw that was originally believed to be a flaw in Microsoft's IIS (Internet Information Server), but has since been pointed out as simply a well thought out SQL Injection attack. For those of...
- Tags: Developer, Password, Web Application, Server, SQL, Site, SQL Injection, Microsoft IIS Server, Attack, Programming Languages, Security, Databases, Software Development, Software/Web Development, Enterprise Software, Software, Data Management, Nathan McFeters
- Blog posts 2008-04-28
- Blackhat Europe, Day 1: The Waag, the Bulldog, and web application hacking
- Considering my previous posts on my experiences at Black Hat Federal received pretty good reviews, I thought it would make sense to again highlight a Black Hat trip. This time it was all the way out to Amsterdam, where Rob Carter and I will be speaking about URI Use...
- Tags: Black Hat, Web Application, SQL, Training, SQL Injection, Tool, Nate, Productivity, Hacking, Workforce Management, Security, Human Resources, Nathan McFeters
- Blog posts 2008-03-25
- Eliminate SQL Injection Attacks Painlessly With LINQ
- As developers assume more of the security burden, the first web application vulnerability that many developers learn about is a particularly dangerous form of command injection known as SQL injection. Because it's so well-known, SQL injection attacks are common, dangerous, and pervasive. Fortunately, developers can prevent SQL injection easily once...
- Tags: Developer, SQL, SQL Injection, LINQ, Programming Languages, Security, Databases, Software Development, Software/Web Development, Enterprise Software, Software, Data Management
- White papers 2007-05-24
- Use the revised OWASP Top Ten to secure your Web applications -- Part 3
- Injection flaws, specifically SQL injection vulnerabilities, can present the greatest business risk in a Web application environment. In this, the third in a series on the revised OWASP Top Ten Web Application Vulnerabilities, Tom Olzak explains the nature of injection flaws and SQL injection attacks and then makes recommendations for...
- Tags: Web Application, SQL Injection, Security
- Download resources 2007-03-23
- Fend off the next SQL Injection attack with a properly secured database
- As long as Web applications are used to provide access to data, SQL Injection will continue to be a threat. SQL Injection is typically used to accomplish one of four objectives: bypass authentication, glean information, inject new or alter existing data, perform a denial of service attack, or gain access...
- Tags: SQL, SQL Injection, Programming Languages, Databases, Security, Software Development, Software/Web Development, Enterprise Software, Software, Data Management
- Download resources 2005-06-27
- MSDN Webcast: Digital Blackbelt Series: Defending the Database (Part 1 of 2): The SQL Injection Attack in Detail (Level 300)
- Developers the world over underestimate the seriousness of a SQL Injection Attack. This webcast discusses how a Mal-Tech might find and approach your box, discover your schema, table, and field names, steal your data, corrupt your table records, add himself as an administrator, reduce your own admin rights, pollute your...
- Tags: Microsoft Developer Network, Webcast, SQL, SQL Injection, Programming Languages, Security, Databases, Software Development, Software/Web Development, Enterprise Software, Software, Data Management
- Webcasts
- MSDN Webcast: Writing Secure Code (Part 2 of 3): Threat Defense (Level 200)
- Does user input help you to build your SQL statements? If so, you may be a victim of SQL injection. This webcast explains best practices for applying security principles throughout the development process. The webcast discusses effective strategies for defending against common security threats such as buffer overruns, cross-site scripting,...
- Tags: Microsoft Developer Network, Webcast, SQL, SQL Injection, Programming Languages, Digital Media, Databases, Security, Software Development, Software/Web Development, Consumer Electronics, Personal Technology, Enterprise Software, Software, Data Management
- Webcasts
- MSDN Webcast: Results Interpretation of Automated Web Attacking: Tips and Tricks (Level 200)
- While automated Web application vulnerability assessment tools are excellent productivity tools for developers and security professionals, these tools often yield some false-positive results. Would you like to know what you're looking at? This webcast will examine how to interpret the results of the following types of Web attacks: Cross-site scripting,...
- Tags: Microsoft Developer Network, Web, Webcast, Vulnerability Assessment, SQL, SQL Injection, Tool, Productivity, Security
- Webcasts
- Hacker Techniques: Windows Malware and Blind SQL Injection
- They keep banging on systems, crippling performance, damaging the files and laying waste to the bandwidth. How does one understand what makes this stuff tick? With a little creativity and some free, open source software the webcast shows how to analyze that malware and understand many of the changes that...
- Tags: Technique, Malware, SQL, Microsoft Windows, SQL Injection, Hacker, SANS Institute, Programming Languages, Security, Databases, Viruses And Worms, Software Development, Software/Web Development, Enterprise Software, Software, Data Management
- Webcasts
- MSDN Webcast: Protecting Your System From SQL Injection Attacks - Level 200
- SQL injection is one of the most serious threats a database can encounter. When an application is designed without regard for a comprehensive defense, it can provide an attack surface highly vulnerable to hackers skilled in SQL syntax. Once a hacker injects rogue SQL commands through a user interface, not...
- Tags: Microsoft Developer Network, Webcast, SQL, SQL Injection, Programming Languages, Databases, Security, Software Development, Software/Web Development, Enterprise Software, Software, Data Management
- Webcasts
Additional Resources
- Microsoft Live Mesh to get more competition -- from Sun
- At the opening day of JavaOne on May 6, Sun officials began laying out their vision for a future cloud-computing platform, code-named Hydrazine, that Sun plans to field against competitive offerings from Microsoft, Google, Amazon and others. Robert Brewin, Sun Chief Technology Officer and Distinguished Engineer, described...
- Tags: Developer, Sun Microsystems Inc., Microsoft Corp., Hydrazine, Productivity, Mary Jo Foley
- Blog posts 2008-05-07
- TOAD for DB2 (1)
- TOAD for DB2 is a database development solution that provides productivity features/functions for rapidly creating and executing queries, facilitating database object management, developing SQL code, and accessing DB2 expertise instantly. Toad Developers have access to a community of users, peers, and experts. Version 3.1.1 includes brand new version with many...
- Tags: Quest Software Inc., IBM DB2, Databases, Enterprise Software, Storage, Software, Data Management, Hardware
- Software downloads 2008-05-07
- DataAdapter (msi)
- DataAdapter is a powerful data transformation tool for end users and software developers. This tool can be used as a stand-alone application with a very intuitive GUI for designing and executing transformations, as well as a developer component or command line tool. Developers can embed the powerful PumpEngine...
- Tags: Developer, Tool, National Risk Services, DataAdapter, Productivity, Databases, Enterprise Software, Software, Data Management
- Software downloads 2008-05-07
- Wallpaper: '50s' Intoxication (1)
- A black & white intoxified, moviesque image. A half-focused view. A drugged main character in a Private Dick (Investigator) movie. With a '70s' photocopier, twenty years later their child repeats. A large space, well lit, a woman or a plant, hourglass figure dead ahead. The large column could easily get...
- Tags: Frequency, Copiers, Digital Cameras, Digital Photography, Consumer Electronics, Personal Technology
- Software downloads 2008-05-07
- Common misconceptions about database security
- There seems to be a serious disconnect and knowledge gap between IT security and DBAs who are entrusted with the task of safeguarding databases, says Sentrigo CTO Slavik Markovich. Commentary--You would think that enterprises realize by now that databases, which hold the “crown jewels” of sensitive information, need protecting....
- Tags: Database Administrator, Storage, Databases, Hardware, Enterprise Software, Software, Data Management, security, database, IT management, Slavik Markovich, CTO of Sentrigo
- News items 2008-05-05
- OpenSolaris: What Ubuntu wants to be when it grows up
- OpenSolaris at ZDNet open source: I just posted a piece about this at Open Source http://blogs.zdnet.com/open-source/?p=2387 but I was not under the impression that this is aimed at the desktop market at all -- only the server side. RE: OpenSolaris: What Ubuntu wants...
- Tags: UNIX, OpenSolaris, Ubuntu, Ubuntu Wants
- Discussion threads 2008-05-05
- N-Tier: Rube Goldberg meets Wintel Scalability
- Stored procedures and serialization: How did stored procedures solve the serialization problem? If they did, it sounds like an accident due to programmers not understanding transactions and unknowingly switching from a very pessimistic locking strategy to an overly optimistic locking strategy. RE: N-Tier: Rube Goldberg meets Wintel Scalability: So,...
- Tags: Databases, N-Tier, tier, Wintel Scalability, Rube Goldberg, Wintel
- Discussion threads 2008-05-05
- Stylus Studio 2008 XML Professional Suite Release 2 (exe)
- Stylus Studio 2008 XML Professional Suite is an XML editor for working with XML, XQuery, XSLT, XML schema and DTD, XPath, SQL or XML, HTML and XHTML, Java, XML mapping, data integration, and Web services. Stylus Studio 2008 XML Professional Suite includes support for XSLT 2.0, a new XML schema...
- Tags: Stylus Studio, Stylus Studio 2008 XML Professional Suite, Stylus Studio 2008, XML, Software/Web Development, Web Development
- Software downloads 2008-05-04