Viewing Message #15
Time : Fri 14-Jan-2005
From : [email protected]
Subject : Joint Meeting with BCS Tayside
Message :
Joint Event with BCS Tayside - SQL Server Security
SELECT UserName, Password FROM Users
-- Getting unauthorised access to a SQL Server, and how to prevent it.
ABSTRACT
Security in software applications is an ever more important topic. This presentation focuses on improving the security of data-driven applications by showing exactly what a SQL Server Injection attack looks like and presenting ways to prevent it. Although the technologies used for this presentation are Microsoft’s SQL Server 2000 and .NET Framework, the general ideas presented apply to any modern multi-user data-driven application framework.
The target audience are software developers, testers and team leaders. A basic understanding of SQL and C# is assumed for the demonstrations. The demonstrations will use Microsoft SQL Server 2000 Developer Edition and Microsoft Visual Studio 2003 with the client side code examples in C#.
BIO
Colin is an MCSD from Edinburgh and he has worked with Microsoft Visual C++ since about Version 2.1, but moved to the .NET Framework since it was in beta. He originally started programming when he was about 9 years old, on a Sinclair ZX Spectrum. Naturally he went for a computing degree. After leaving university he co-founded a company that developed a GIS product but he is now working for a bespoke software development house in Edinburgh developing data driven applications.
In 1996 he won Napier University's Most Promising Entrepreneur award, and the National Undergraduate Business Plan Award for New Business Start Ups.
He has worked with various database systems since 1994 and currently works with SQL Server 2000. He regularly answers questions on SQL Server and the .NET Framework on CodeProject and WDevs.com and since starting a blog in 2004 database security has become a recurring theme.
DATE & TIME
Tuesday 25th January 2005
6:30pm for 7pm
VENUE
Department of Applied Computing
University of Dundee,
Park Wynd,
Dundee.