Hands-On Project 8-1: Exploitation Awareness, page 239 of Database Security by Alfred Basta and Melissa Zgola, First Edition.

Nathan is a security consultant for Tyler & Haley financial, a large mortgage lending company in New York City. He has been hired to raise the company DBA’s awareness about SQL injections.

  1. Nathan is giving a speech on the four steps of exploitation. What four steps do you anticipate him including within his speech?
  2. Nathan is planning to describe at least three ways a database management system can be identified. What three ways for identifying a DBMS should Nathan cover?
  3. Nathan plans to provide a few examples of SQL statements that can be used to gather information externally. Provide two examples of SQL statements that Nathan can provide.
  4. What suggestions do you expect Nathan to provide for securing the company databases against SQL injections?