In The Art of War, Sun Tzu said, “If you know your enemy and know yourself, you need not fear the result of a hundred battles.” But, he went on to warn, “If you know yourself but not the enemy, for every victory gained you will also suffer a defeat.”
It’s for this reason that I recently picked up The Database Hacker’s Handbook: Defending Database Servers by David Litchfield and company. I wanted to know more about these miscreants who target database servers with their hacks, trojan horses, viruses, and worms. I worked a couple of 24-hour days during the Slammer debacle, so this hits particularly close to home.
Fortunately, the SQL Server vulnerabilities this book exposes have all been addressed through fixes to the product itself or widely publicized best practice recommendations. However, the book is still a must-read if you want to know your enemy. If you want to know how they think, what they see as the weak spots in the product, what they view as your weaknesses as a DBA and database developer, this book is a great read.