Posts tagged "SQL Injection"

Blocking SQL Injection with IIS Request Filtering

February 6, 2015 / Peter Viola / IIS, Windows Server 2008, Windows Server 2012

SQL Injection became a favorite hacking technique in 2007. Despite being widely documented for so many years it continues to evolve and be utilized. Because SQL Injection is such a well known attack vector, I am always surprised when as sysadmin I come across someone’s site that has been compromised by it. In most instances […]

IIS, IIS 7, IIS 8, Request Filtering, SQL Injection

Solving SQL Server High CPU with IIS Request Filtering

July 27, 2014 / Peter Viola / IIS, SQL Server, Windows Server 2012

The other day I was troubleshooting 100% CPU utilization on a SQL Server 2008 database server. The server had 100 or so databases of varying sizes however none were larger than a few hundred MB and each database had a corresponding web site on a separate web server. Since the server hosted quite a few […]

DTA, IIS, IIS 7, IIS 8, Log Parser, SQL Injection, SQL Profiler