Featured Client

Logan Registration

LRS uses MCC to develop and maintain critical business systems for their online operation.

Company News

SQL Injection Attack Prevention - SQL Server Security Audit

How to secure SQL Server databases from SQL injection
There are a few ways to protect your database against these kinds of attacks. First we need to lock down the database security using database security best practices. This involves setting up the database security with the lowest set of permissions possible. It also includes not using any table-level access to the tables. All access to the tables should be done through stored procedures, and those stored procedures should not include any dynamic SQL

By removing access to the table objects you greatly reduce the surface that can be attacked. However, this is not the only thing that must be done. The stored procedures still present an attack vector that can be exploited. While this attack vector takes more time to exploit, it is possible to exploit the database using your stored procedures -- they're designed to insert, update and delete data from your database. A clever hacker can use your own stored procedures against you.

This is where your application developers need to work with you to ensure the code being executed against the database is secure. Without securing the application layer against SQL injection attacks, all bets are off. The data, as it comes into the database, is basically impossible to validate within the database. It needs to be validated at the application layer.

Without properly securing your website's front-end application and back-end database fully, you leave yourself wide open to SQL Injection attacks. These attacks can be as unintrusive as seeing if it's possible and as intrusive as sending all your customer data to the attacker. Destruction could reach levels of all data being deleted or your site and application being used to distribute a virus to unsuspecting customers. In the short term, this would infect your customers' computer; in the long term, your company could be added to an unsafe browsing list.

MCC's SQL Server DBA's are capable of reviewing code and SQL Server's configuration to assess for SQL Injection and other vulnerabilities. Remedies that we can advise or perform include:

Audit of source code and SQL Server
Rewriting .NET application code and SQL Server Objects that previously dynamically built SQL executable strings, into using parameterized SQL Server Stored Procedures
Locking down SQL Server via Surface Area Configuration
Limiting the access of SQL Server service accounts
Setting permissions within SQL Server

The SQL Server consultants at Miles Consulting Corp are ready to assist you in securing your SQL Server database from SQL Injection and other attacks.

SQL Injection and SQL Server Related Services

Security Related Consulting Services

We are a Microsoft Gold Certified Partner, offering IT Outsourcing, networking and software development. Our firm provides service in Sacramento, the San Francisco Bay Area, Silicon Valley, San Jose, Los Angeles, Orange County, Las Vegas, and Seattle. Our infrastructure engineers and software architects provide networking and web application solutions to small businesses as well as enterprise clients. Our Microsoft certified consultants provide technical support onsite, emergency support, and consulting on business continuity and disaster recovery. Our core competencies include Microsoft CRM customization, Microsoft Exchange consulting, Cisco consulting, SharePoint consulting, Windows consulting, Outsourced Remote Help Desk, virtual server consulting, .NET consultants, and Remote SQL Server DBA services.

	MS CRM specialists, Microsoft CRM 4.0, Dynamics CRM Certified Consultants - Microsoft CRM Customization - Microsoft CRM Consulting
	Microsoft Exchange Support, Exchange 2010 Consulting, Exchange Server Migration, Exchange Server Support - Exchange Server Consultants
	IT Consulting Firm, Network Consulting Firm, Network Support, Remote Help Desk
	Equallogic Price List
	SharePoint Upgrade, Customizing SharePoint, Certified SharePoint Consultants - SharePoint Consultants
	Microsoft SQL Server Remote DBA, SQL Server 2008 Upgrades, SQL Server Performance Tuning - SQL Server Consulting
	Small Business Server Consulting, SBS 2008 Migration, Windows SBS Experts - Microsoft SBS Consulting
	Microsoft Virtualization Consultants, Server Virtualization Firm, Virtual Server Experts - HyperV Consulting
	IT Managed Services, Outsourced IT, Managed Services Provider - IT Managed Services Firm
	MS Windows Server Experts, Support, Windows Server Consulting Firm - Microsoft Windows 2008 Consulting
	Dell EqualLogic Partner, Purchase Equallogic, Storage Area Network (SAN) installation, Fibre Channel and iSCSI SAN experts - Equallogic Pricing
	Cisco Certified Network Associates, CCNAs, CCSPs, ASA, PIX, Cisco Router, Cisco IOS Experts, PIX;- Cisco Consulting
	IT Outsourcing, On-Site Computer Support, Outsourced IT, On-Call Tech Support
	Computer Networking, Network Support Firm, Windows Network Experts, Technical Support, On-Site and Remote Help Desk - Network Support
	VMWare Support, Server Virtualization Consultants, Server Consolidation, Hyper-V versus VMWare - VMWare Consulting
	Server Monitoring, Remote Network Monitoring, Computer System Monitoring - Remote Network Monitoring
	Network Penetration Testing, IT Security Audit, Computer Security Consultants, Windows Network Security Protection - Network Security Firm
	.NET Architects, Service Oriented Architecture, ASP.NET Consultants, C#, VB.NET, .NET Framework, .NET 3.5 - .NET Consulting
	IT Staffing Firm, IT Recruiter, Technical Recruiting, Tech Staffing - IT Recruiter
	Disaster Recovery Firm, Disaster Recovery Consultants, DR Solutions - Disaster Recovery Consulting
	Non Profit Discounted IT-Consulting to 501c3 Organizations - Non-Profit Discount
	Microsoft Certified Consultants, Microsoft Experts - Microsoft Gold Certified Partner
	.NET Software Development, Microsoft Certified Solution Developers, .NET architecture and development, Requirements management, Website architecture, User interface design, Database design, SQL Server performance tuning, SQL Server Reporting Service, XML Web Services, Web development using ASP.NET, Software development with VB.NET and C#, Microsoft "Click Once" application development, E-Commerce development, User support & ongoing maintenance, Mentoring with your existing staff, Software Testing & QA - .NET Development
	Data Protection Manager, Configuration Manager, Virtual Machine Manager, Operations Manager - System Center Consultants
	Silicon Valley IT Consultants, Orange County Computer Consultants, Oakland IT Consultants, Sacramento IT Consultants, Las Vegas IT Consultants, San Francisco IT Consultants, San Jose IT Consultants, Los Angeles IT Consultants, San Diego IT Consultants, Reno IT Consultants, Irvine IT Consultants, Long Beach IT Consultants, Stockton IT Consultants, Colorado IT Consultants, Seattle Network Consulting