I just received great news that one of my sessions, Attacking SQL Server, was picked by the community for SQLRally. That means I'll have two presentations to give in Dallas!

Attacking SQL Server

Database Administration Track

It is a well-known maxim in warfare to know your enemy. In this session, we'll take a look at how attackers go after SQL Server, both directly and through indirect means such as the application and the operating system. We'll talk about the typical attack methodology and what you can do to secure your SQL Server and your applications from attack.

We'll examine normal response mechanisms to attacks like SQL injection and how attackers have creatively elevated their techniques to bypass those defenses. We'll also consider mechanisms outside of SQL Server, such as OS-level tricks like IPSEC policies and network access control lists that you can take back to your shop and work with other IT professionals to get implemented. Finally, we'll discuss what can happen once a SQL Server is compromised and how it can be used as a vector for further attacks into your enterprise, how to craft your practices to prevent this, and what to consider when the real goal of the enemy might not be your SQL Server, but something greater (such as your domain).

Windows Operating System Internals for Database Pros

Database Administration Track

In this session, we’ll take a look at Windows operating system internals, including kernel architecture, threads and processes, memory usage, and I/O, and how they affect how SQL Server performs and acts. By having a good understanding of how the operating system works under the covers and how it interacts with the SQL OS, you will gain a deeper knowledge of what’s going on with your SQL Servers and where performance issues may be on your systems.