Free Online SQL Server Training for the Week of November 24, 2013

If you’re a training provider and I’ve missed you, please drop me a line at brian {dot} kelley {at} sqlpass {dot} org.

All times are Eastern (New York). To convert to your local time, use the converter at timeanddate.com.

Monday, Nov 25:

Tuesday, Nov 26:

Training Providers I Regularly Review:

Free Online SQL Server Training for the Week of November 17, 2013

If you’re a training provider and I’ve missed you, please drop me a line at brian {dot} kelley {at} sqlpass {dot} org.

All times are Eastern (New York). To convert to your local time, use the converter at timeanddate.com.

Tuesday, Nov 19:

Wednesday, Nov 20:

Thursday, Nov 21:

Training Providers I Regularly Review:

What If Someone Tampered with the Process?

I’m a big fan of automation. Automation means I can do more. Automation means I eliminate the mundane stuff to focus on critical things. I like automation as an IT professional.

However, as a security professional, a question that is ever present in my mind is,

“What if someone tampered with the process?”

Case in point: you have an automated process to build VMs. That includes configuring particular security groups for a particular type of build in the local Administrators group (you should already be doing some of this with group policy, but that is automation as well). What if an attacker was able to slip into the automation to include a particular account or a particular group? How long would it be before you caught it?

This is why I’m a big believer in a human putting eyes on automation results at some point and relatively frequently at that. In fact, I’m a big believer in multiple levels of verification. Maybe it’s my military background and things like the two person rule. If you’ve watched a movie like Crimson Tide you’ve seen it in action. Two people have keys that must be used together. This ensures that one person, acting alone, can’t do something devastating (in a relative sense).

I know there’s a balance to be met. Too much manual effort and you undo the benefits of automation. However, too much reliance on automation and you’re eventually going to miss something.

Recording of SQL Injection Webcast Now Available

On Tuesday I gave a webcast along with MSSQLTips on SQL Injection. If you were unable to attend (or were able to attend and want to see it again), you can view it at the following link [registration required]:

SQL Injection: What it is, how it happens and how to stop it?

I was asked about the slides and scripts. You can find them as a download here:

SQL Injection Presentation Materials

Free Online SQL Server Training for the Week of November 10, 2013

If you’re a training provider and I’ve missed you, please drop me a line at brian {dot} kelley {at} sqlpass {dot} org.

All times are Eastern (New York). To convert to your local time, use the converter at timeanddate.com.

Tuesday, Nov 12:

Wednesday, Nov 13:

Thursday, Nov 14:

Training Providers I Regularly Review:

SQL Injection Webcast Today, November 5, 2013

Today, November 5th, in conjunction with MSSQLTips, I’ll be giving a webinar on SQL Injection. It will be at 2 PM Eastern (New York).

SQL Injection: What it is, how it happens and how to stop it?   [registration required]

The agenda for this webinar is:

  • Who Is the Enemy?
  • What Is SQL Injection?
  • Is SQL Injection Still an Issue?
  • SQL Injection in Action
  • Prevention Methods

New Performance Tips eBook Out from Red Gate

Not too long ago Red Gate asked for quick tips on SQL Server performance intended for developers. I sent a couple in. They’ve compiled those tips into a free eBook format. If you want to download it:

45 Database Performance Tips for Developers