About the course We work on the principle that “if you have done it you will understand it”. Therefore do expect this course to involve you a great deal in discussions, workshops and especially examining the system hands on. By the end of the course you will be familiar with SQL Server’s client interface, the Query Analyzer monitor and with simpleT- SQL queries. In particular, you will come to understand the language surrounding SQL Server and will gain immediate credibility talking to the experts you will inevitably have to work with. Furthermore, by understanding the technology the descriptions of risk will become immediately understood. This hands-on course is intended for auditors and security specialists who are aware their businesses use SQL Server based products, but do not understand the database platform and therefore the risks it may carry. You will learn how SQL Server is built and a concept of what the various categories of user do on the database and the risks they carry. Hands on labs will show you how to scan the system for objects, especially sensitive tables. And to find out who can do what to them. Further more, in this age of web technology, the concept of the authenticated user accessing parts of your data is passing away. It could be anyone! Audience Typically our audiences comprise computer auditors and security specialists wishing to see how to close weaknesses on a SQL Server, and how to check this has been done. This course may serve also as a useful introduction to SQL Server to those wishing to go on to database administration, or database programming, in security conscious organizations. Audit planners and managers may also wish to attend. Prerequisites You should have a basic understanding of what is involved in a RDBMS and be familiar with the processes used by computer auditors in examining systems in general. Some aptitude for programming may be useful. Some commands are entered into a terminal screen and you should feel comfortable doing this. Duration 2 days