Mladen Prajdic on SQL Injection: From website to SQL Server

SQL Injection is still one of the biggest reasons various websites and applications get hacked. The solution, as everyone tells us, is simple: Use SQL parameters. But is that enough? In this session, we’ll look at how an attacker would go about using SQL Injection to gain access to your database, see its schema and data, and do nasty stuff to both. Then we’ll see how to battle such attacks at the UI front, the middle tier, and the SQL Server back end.

We'll also take a look at some other forms of how to attack the website.

Mladen Prajdic is a SQL Server MVP from Slovenia and a C# and SQL Server developer for over 10 years. He’s been involved in various projects from standard line of business apps, website development to image processing.He blogs at http://weblogs.sqlteam.com/mladenp. In his free time he develops a hugely popular add-in for SSMS, called SSMS Tools Pack (http://www.ssmstoolspack.com/ )

William Durkin on Database Replication - What, How, Why?

Database replication doesn't get much attention, especially now that the AlwaysOn features have been released into the wild. However, replication offers another way to make data available on multiple servers/locations that steps outside of "normal" HA/DR scenarios. This session will explain what database replication is, what the different parts are that make up the replication architecture and when/why you would use replication. The content will be valid for all versions of SQL Server from 2005 onward.

William Durkin is a SQL Server DBA with 8 years’ experience starting with SQL Server 2000, born in the UK and now based in Germany. He has worked on small single user instances, medium volume OLTP systems and multi-TB data warehouses. His most recent project was creating a world-wide, 12 site transactional replication system (buy him a drink and he'll tell you the story!)

André Kamman on Automating your SSIS development with BIML

Ever tried to import a file with the Import/Export wizard?
Or created a bunch of SSIS packages to process a data warehouse load?
Then you know how much work it is to specify the metadata correctly just to create a package that actually works.
Wouldn't it be cool if you had a descriptive language which looks at your metadata and just created the packages for you?
This is what BIML is all about.
In this session André explains what BIML is, how it works and he will show you how you can generate your packages and quickly respond to changes.
You can expect a demo rich session with lots of notes from the field and practical examples.
This is not just for BI developers, DBA's or SQL dev's who need to import or export data occasionaly will learn some quick and easy tricks as well.

André is a partner at Aphelion Software in the Netherlands, a company focussing on SQL Server based data warehousing and PDW (Parallel Data Warehouse) in particular.
In previous roles he’s done a whole lot of DBA work on 100’s of servers where he discovered his love for Powershell and automating processes in general.

Today the better part of his day he’s building and tuning ETL processes where he uses a SSIS a lot.
André is a SQL Server MPV, co-founder and current leader of the Dutch PASS Chapter, conference lead for the PASS SQL Rally Amsterdam, he organises SQL Saturdays and loves to speak at them.