Editorials

New Injection (Prevention) Tools Released

Tuning Takes Metrics
When you get to tuning your SQL Server, you quickly find that it's about combining a good look at your system today with solid metrics collected over time. You can compare, contrast and learn from the trends, then use that information to dig into what your server is doing, why, and what you can do to tune it. SQL Sentry has some amazing tools in this area that bring leverage and visibility to your tuning and troubleshooting work. Once you see the data, you can get down to the business of figuring out updates and tuning points. Get your copy here to try against your own servers.

New Injection Tools Released
I mentioned earlier this week that there were some newly announced issues with SQL Injection that could lead to unwanted access to your server. The issue revolves around a system stored procedure that was vulnerable to an overflow-type attack.

Microsoft just released an "emergency" update that included updates to IE that will help address this, so be sure you get the latest and greatest. It should come down with your normal updates (assuming you use the automated system), but if not, you'll want to head to Windows Update and get the new bits.

Microsoft has also announced new tools to help you from a developer standpoint: testing your system and code and looking for issues. Here's a summary:

"Anti-XSS v3 BETA includes performance improvements, localization enhancements as well as a Security Runtime Engine (SRE) that uses an HTTP module to provide a level of protection against XSS for your application without the need to rebuild your code. CAT.NET v1 CTP is a binary analysis tool that can be used by developers to identify some common vulnerabilities that can lead to attack vectors such as XSS, SQL Injection and XPath Injection in your code."

You can find out more about the update and get the mentioned files and tools from Microsoft (free) here.

Featured White Paper(s)
TECHNIQUES FOR IDENTIFYING AND OPTIMIZING RESOURCE-INTENSIVE SQL SERVER QUERIES
Analysts are often provided with vague descriptions of database system performance like "it's sluggish" or "this report takes for… (read more)

Addressing the Insider Threat
This paper discusses the current state of database security, and the importance of activity monitoring and vulnerability asse… (read more)