A common software development practice is to take data from a production system and restore it to a different environment, often called “test”, “development”, “staging”, or even “QA”. This allows for support teams to troubleshoot issues without making changes to the true production environment. It also allows for development teams to build new versions and … Read more
If you are using Microsoft 365, you can create and use an email alias through your admin center.
I’ve written before about using sqlmap to perform sql injection testing against a website. It is also possible to use sqlmap to connect directly against a database. In this post I will show you how to use sqlmap to connect directly to Azure SQL Database. Once connected you can enumerate objects, open a shell, or … Read more
At SQL Server Live last November, I demonstrated enabling SQL Audit for Azure SQL Database. During the class discussion I explained you must use Powershell to modify SQL Audit for Azure SQL Database. So, that’s my post today, showing you how it is done. By default, SQL Audit for Azure SQL Database will enable the … Read more
My final event of the year will be Black Hat Europe in London, the first week in December. This will be my second Black Hat event; the first was this past August when me and 20,000 of my closest security professional friends invaded Las Vegas. I know it may seem odd for a career database … Read more
SQL injection is a common form of data theft. I am hopeful we can make SQL injection protection more common. The 2018 TrustWave Global Security Report listed SQL Injection as the second most common technique for web attacks, trailing only cross-site scripting (XSS) attacks. This is a 38% increase from the previous year. That same … Read more
