One of the most often successfully attacked targets is the data that resides in a database server and SQL Injection is still one of the most common attack types.
In this purely demo-based session, Andreas Wolter, former Program Manager for Access Control in SQL at Microsoft will show several real-life attacks, from mere reading up to disrupting service availability via various types of manuals performed SQL Injection, including an elevation of privileges attack to sysadmin level. If you have a database-server which is accessible by processes beyond your direct control or that even can be reached by some kind of frontend applications and you are unsure regarding the possible security implications to watch out for, this session is meant for you.