SQL Injection

The Top 15 SQL Server Security Myths

2023-06-122023-06-12
SQL Server Database Development, SQL Server Database Engine

As a SQL Server DBA, you are responsible for securing your organization’s critical data stored in SQL Server. However, there are many myths surrounding SQL Server security 🔒 that can lead to a false sense of security or even leave you vulnerable to attacks. In this blog post, I’ll be debunking the 15 most common security-related myths in SQL Server that every DBA should be aware of. So, grab a cup of coffee, and let’s get started! ☕

Detect Application Bugs and Vulnerabilities You Didn’t Even Know About

2022-12-052025-03-08
SQL Server Database Development, SQL Server Database Engine, T-SQL, Tools and Scripts
2 Comments

In this post, I will introduce you to a special T-SQL script that you can use for detecting potential SQL injection attacks in your database, as well as application-level bugs that you didn’t necessarily know you had.

Could SQL Injection be dangerous even when perfectly safe?

2022-08-11
SQL Server Database Development, SQL Server Database Engine, SQL Server Performance, T-SQL

SQL Injection is something I would expect any reader of my blog to be familiar with. Despite being one of the oldest database attack methods, it still persists for decades on the OWASP Top Ten list of critical security risks to web applications.

In fact, instead of dying out, it only seems to be getting more clever and even automated. With “hacker bots” scouring the web and automatically probing for injection vulnerabilities to exploit. I know, as I’ve once been a victim of such attacks in the past.

But today I’m not actually going to talk about that. Today, I’m going to ask the question: When is SQL Injection dangerous, even if it’s perfectly safe?

How to Protect SQL Server from Hackers and Penetration Tests

2020-07-28
SQL Server Database Development

On June 3rd, the InfosecMatter blog published a post titled “Top #10 Vulnerabilities: Internal Infrastructure Pentest“. This blog post detailed the top most common vulnerabilities in Windows servers and networks found during more than 60 internal infrastructure penetration tests around the world. After reading this article, I was prompted to actively look for similar resources on SQL Server penetration testing, and I got some interesting findings. Check out my blog post at the Madeira Data Solutions website for the details.

Webinar: Advanced Dynamic Search Queries and How to Protect Them

2019-01-08
Life

First of all, I must apologize for the long hiatus since my last published content.
I’ve been busy working on a lot of very different stuff, and unfortunately this delayed me from actually completing any one particular thing.

One thing that I did complete, though, was preparing and submitting a webinar for the PASS Global Hebrew Virtual Group.

The webinar is called “Advanced Dynamic Search Queries and How to Protect Them”, and I will be presenting it on Tuesday, April 30th 2019, 13:00 UTC (15:00 Israel Time).