Title: How to prevent a SQL Injection attack in SQL Server
Summary: The SQL Injection attack is a famous exploit in which a malicious user injects a harmful SQL command into a SQL statement. The attack takes advantage of input data that is not checked by the application or by the database wherever there is an input field, in either a web-based or a desktop-based application. This video shows how this type of attack exploits simple SELECT statements and stored procedures, and then explains a few steps that the DBA and the developers can take to prevent a SQL Injection attack in SQL Server 2005.
Methodology: The theory of the SQL Injection attack is explained through two examples of SQL statements, and then the video discusses a few steps that the developers and the DBA can take to prevent the SQL Injection attack in SQL Server 2005.
Built Examples: How to change the characters in a string using the REPLACE function and how to delimit identifiers using the QUOTENAME function.
Keywords: SQL, Attack, Injection, Exploit.
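
The two functions named under Built Examples, shown in a dynamic SQL batch. This is an added example, not code from the video. The table `dbo.Customers`, the column `LastName` and the input values are hypothetical, and the final parameterized form goes beyond the two functions the page names.

```sql
-- Added example for SQL Server 2005; dbo.Customers and LastName are hypothetical.
DECLARE @table sysname, @name nvarchar(50), @sql nvarchar(max);
SET @table = N'Customers';   -- constructed input: identifier supplied by the caller
SET @name  = N'O''Brien';    -- constructed input: value containing a single quote

-- Unsafe pattern (left commented out): raw concatenation lets the quote
-- inside @name close the string literal early and change the statement.
-- SET @sql = N'SELECT * FROM dbo.' + @table
--          + N' WHERE LastName = ''' + @name + N'''';

-- QUOTENAME delimits the identifier with [ ] and doubles any ] inside it.
-- It returns NULL for NULL input or input longer than 128 characters,
-- and NULL would silently turn the whole concatenation into NULL.
IF QUOTENAME(@table) IS NULL
BEGIN
    RAISERROR(N'Invalid table name.', 16, 1);
    RETURN;
END

-- REPLACE doubles each single quote so the value stays inside its literal.
SET @sql = N'SELECT * FROM dbo.' + QUOTENAME(@table)
         + N' WHERE LastName = N''' + REPLACE(@name, N'''', N'''''') + N'''';
PRINT @sql;  -- inspect the generated statement before executing it

-- For values, passing a parameter through sp_executesql avoids building
-- the literal at all; QUOTENAME is still needed for the identifier.
SET @sql = N'SELECT * FROM dbo.' + QUOTENAME(@table)
         + N' WHERE LastName = @p';
EXEC sp_executesql @sql, N'@p nvarchar(50)', @p = @name;
```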