Hands-On Project 8-1: Exploitation Awareness, page 239 of Database Security by Alfred Basta and Melissa Zgola, First Edition.
Nathan is a security consultant for Tyler & Haley Financial, a large mortgage lending company in New York City. He has been hired to raise the company DBA’s awareness about SQL injections.
1. Nathan is giving a speech on the four steps of exploitation. What four steps do you anticipate him including within his speech?
2. Nathan is planning to describe at least three ways a database management system can be identified. What three ways for identifying a DBMS should Nathan cover?
3. Nathan plans to provide a few examples of SQL statements that can be used to gather information externally. Provide two examples of SQL statements that Nathan can provide.
4. What suggestions do you expect Nathan to provide for securing the company databases against SQL injections?