...Course 10774A: Querying Microsoft SQL Server 2012 Length: 5 Days Prerequisites: Before attending this course, students must have: Working knowledge of relational databases. Basic knowledge of the Microsoft Windows operating system and its core functionality. Before attending this course, students should have: Basic understanding of virtualization technology (Classroom labs utilize virtual machines) To help you prepare for this class, review the following resources: Book: T-SQL Fundamentals for Microsoft SQL Server 2012 and SQL Azure MCTS Self Paced Training Kit 70-461 About this Course This 5-day instructor led course provides students with the technical skills required to write basic Transact-SQL queries for Microsoft SQL Server 2012. This course is the foundation for all SQL Server-related disciplines; namely, Database Administration, Database Development and Business Intelligence. This course helps people prepare for exam 70-461. All the labs for this course can be performed using the provided virtual machines. However, if you have a Microsoft Windows Azure account and the classroom virtual machines connect to the internet you may be able to connect to your Windows Azure server and database from the classroom. Many of the labs in this course are enabled for you to perform the lab while connected to your own Windows Azure database in the cloud. Your instructor should be able to provide a current list of Windows Azure enabled labs. To acquire a trial Windows Azure account click...
Words: 1666 - Pages: 7
...S. Sudarshan Day / Date Tue 21 May 2013 09:00 – 10:30 Inaugural remarks (15 mins) Relational Model, SQL Part 1: Relations and Relational Algebra, Basic SQL, Joins, Set operations (Chapters 1, 2 and 3) SQL Part 2: Aggregate functions, Nested Subqueries, Database modification (Chapters 3 and 4) Tea Break 11:00 – 13:00 Session Continues.. (last 30 min discussion/quiz) Lunch 14:00-17:00 Tea Break 5:15-6:00 10:30 – 11:00 13:00 – 14:00 Lab 1: Basic SQL Installing, administering and using PostgreSQL and pgAdmin3; Basic SQL queries Lab 2: Intermediate SQL Aggregation, nested subqueries, database modification 17:0017:15 No Session Wed 22 May 2013 Session 10:30 – Continues.. 11:00 (last 30 min discussion/quiz) 13:00– 14:00 17:0017:15 Linux System Admin. (IITB CSE Sysadms) Thu 23 May 2013 Fri 24 May 2013 Sat 25 May 2013 Sun 26 May 2013 SQL Part 3: Session Outerjoins, Transactions, Integrity 10:30 – Continues.. constraints, Triggers, 11:00 (last 30 min Authorization, JDBC discussion/quiz) (Chapters 4 and 5) ER Design (Chapter 7) Session 10:30 – Continues.. 11:00 (last 30 min discussion/quiz) 10:30 – 11:00 Session Continues.. (last 30 min discussion/quiz) 13:00 – 14:00 Lab 3: Advanced SQL Outerjoins, DDL: integrity constraints, authorization Lab 4: ER Design Tutorial (Last 45 mins for solutions discussion, broadcast) Lab 5: Normalization Tutorial (Last 45 mins for solutions discussion, broadcast) 17:0017:15 No Session ...
Words: 591 - Pages: 3
...Practice 1: Overview This is the first of many practices in this course. Practices are intended to cover all topics that are presented in the corresponding lesson. Note the following location for the lab files: E:\labs\SQL1\labs If you are asked to save any lab files, save them at this location. To start ISQL*Plus, start your browser. You need to enter a URL to access iSQL*Plus. The URL requires the host name, which your instructor will provide. Enter the following command, replacing the host name with the value that your instructor provides: http://<HOSTNAME:5561>/isqlplus In any practice, there may be exercises that are prefaced with the phrases “If you have time” or “If you want an extra challenge.” Work on these exercises only if you have completed all other exercises in the allocated time and would like a further challenge to your skills. Perform the practices slowly and precisely. You can experiment with saving and running command files. If you have any questions at any time, ask your instructor. Practice 1 Test your knowledge: 1. Initiate an iSQL*Plus session using the user ID and password that are provided by the instructor. 2. iSQL*Plus commands access the database. True/False 3. The following SELECT statement executes successfully: SELECT last_name, job_id, salary AS Sal FROM employees; True/False 4. The following SELECT statement executes successfully: SELECT * FROM job_grades; True/False 5. There are four...
Words: 520 - Pages: 3
...MET CS 669 Database Design and Implementation for Business SQL Lab 4 Instructions: Procedural SQL Objective The objective of this lab is to teach you how to develop and use basic stored procedures and triggers the procedural language of your chosen DBMS. Prerequisites Before attempting this lab, it is best to read the textbook and lecture material covering the objectives listed above. While this lab shows you how to create and use these constructs in SQL, the lab does not explain in full the theory behind the constructs, as does the lecture and textbook. The second section in this lab builds on Lab 3. It is best to complete Lab 3 first before completing the second section in this lab. Required Software The examples in this lab will execute in modern versions of Oracle and Microsoft SQL Server as is. Note that the first section in this lab has syntax specific to each DBMS, and you will need to complete the version for the DBMS you are using. If you are using a different RDBMS, you may need to modify the SQL for successful execution. Saving Your Data If you choose to perform portions of the assignment in different sittings, it is important to commit your data at the end of each session. This way, you will be sure to make permanent any data changes you have made in your curent session, so that you can resume working without issue in your next session. To do so, simply issue this command: COMMIT; Data changes in one session will only be visible only in that session...
Words: 6758 - Pages: 28
...Week 3 Lab Part 1: Web and Database Attacks & Malware and Malicious Software Learning Objectives and Outcomes Upon completing this lab, students will be able to: * Identify web application and web server backend database vulnerabilities as viable attack vectors * Develop an attack plan to compromise and exploit a web site using cross-site scripting (XSS) against sample vulnerable web applications * Conduct a manual Cross-site Scripting (XSS) attack against sample vulnerable web applications * Perform SQL injection attacks against sample vulnerable web applications with e-commerce data entry fields * Mitigate known web application and web server vulnerabilities with security countermeasures to eliminate risk from compromise and exploitation Overview This Lab will demonstrate a Cross-site Scripting (XSS) exploit and an SQL Injection attack on the test bed web application and web server using the Damn Vulnerable Web App (DVWA) loaded on an Apache Web Server on “TargetUbuntu01” Linux VM server. They will first identify the IP target host, identify known vulnerabilities and exploits, and then attack the web application and web server using XSS and an SQL Injection to exploit the web application using a web browser and some simple command strings. Assignment Requirements Watch the Demo Lab in Learning Space Unit 5 and then answer questions 1-10 below. Lab Assessment Questions & Answers 1. Why is it critical...
Words: 1054 - Pages: 5
...Brandon Cain 6/26/13 Unit 2: Lab 1: Cost of different cloud services: Amazon: Has a price range of $0.060 per hour on a Linux based system and goes up to $0.155 per hour for a Windows with SQL and Web system. You can purchase a per year upfront cost or stay at a monthly cost. Google: Offers you two pricing options, $5 per user per month or $10 per user per month. The $5 option does not give you any archiving, data retrieval or data discovery and export options. Where the $10 a month per user has those options. Rackspace: The pricing ranges from $0.022 per hour to $2.64 per hour for more resources. Bandwidth is calculated separately. Speed: Rackspace does not have a charge for incoming bandwidth. Outgoing bandwidth is $0.12/gb and no charge for private network. Amazon can give you up to 10 gigs a sec. Brandon Cain 6/26/13 Unit 2: Lab 1: Cost of different cloud services: Amazon: Has a price range of $0.060 per hour on a Linux based system and goes up to $0.155 per hour for a Windows with SQL and Web system. You can purchase a per year upfront cost or stay at a monthly cost. Google: Offers you two pricing options, $5 per user per month or $10 per user per month. The $5 option does not give you any archiving, data retrieval or data discovery and export options. Where the $10 a month per user has those options. Rackspace: The pricing ranges from $0.022 per hour to $2.64 per hour for more resources. Bandwidth is calculated separately...
Words: 1249 - Pages: 5
...Lab #8 – Assessment Worksheet Performing a Web Site and Database Attack by Exploiting Identified Vulnerabilities Course Name and Number: Student Name: Instructor Name: Lab Due Date: Overview In this lab, you performed simple tests to verify a cross-site scripting (XSS) exploit and an SQL injection attack using the Damn Vulnerable Web Application (DVWA), a tool left intentionally vulnerable to aid security professionals in learning about Web security. You used a Web browser and some simple command strings to identify the IP target host and its known vulnerabilities, and then attacked the Web application and Web server using cross-site scripting (XSS) and SQL injection to exploit the sample Web application running on that server. Lab Assessment Questions & Answers 1. Why is it critical to perform a penetration test on a Web application and a Web server prior to production implementation? To make sure no one can penetrate your web application before you put it in a live situation. 2. What is a cross-site scripting attack? Explain in your own words. Cross-site scripting is a type of computer security vulnerability typically found in web applications that enables attacks to inject client side script into web pages viewed by others 3. What is a reflective cross-site scripting attack? A reflective attack a type of computer security vulnerability it involves the web application dynamically generating a response using...
Words: 442 - Pages: 2
...lancehomework@gmail.com I. OBJECTIVES 1. Understand and become familiar with the SQL Analytical Extensions. 2. Learn to create, use, and maintain materialized views, and their functional equivalents. 3. Effectively apply Advanced Aggregate SQL Operations, such as GROUP BY ROLLUP to solve business intelligence questions and analytical processing problems. II. PARTS LIST 1. EDUPE-VT Omnymbus Virtual Machine Environment (https://devry.edupe.net:9090/) and/or: 2. MySQL (dev.mysql.com/downloads) III. PROCEDURE Scenario and Summary For the lab this week, we are going to look at how the ROLLUP and CUBE extensions available in SQL can be used to create query result sets that have more than one dimension to them. Both of these extensions are used in conjunction with the GROUP BY clause and allow for a much broader look at the data. To record your work for this lab use the lab report found at the end of this document. As in your previous labs, you will need to copy/paste your SQL statements and results into this document. Upon completion and prior to the due date, submit this document to the appropriate Dropbox. iLAB STEPS STEP 1: Setting Up For this lab you will be using a different user and set of tables than you have used so far for other labs. To set up your instance you will need to do the following. The first thing you will do for this lab is to run the following SQL Script. Begin by creating the DBM449Lab6 Schema, and creating...
Words: 3288 - Pages: 14
...lancehomework@gmail.com I. OBJECTIVES 1. Understand and become familiar with the SQL Analytical Extensions. 2. Learn to create, use, and maintain materialized views, and their functional equivalents. 3. Effectively apply Advanced Aggregate SQL Operations, such as GROUP BY ROLLUP to solve business intelligence questions and analytical processing problems. II. PARTS LIST 1. EDUPE-VT Omnymbus Virtual Machine Environment (https://devry.edupe.net:9090/) and/or: 2. MySQL (dev.mysql.com/downloads) III. PROCEDURE Scenario and Summary For the lab this week, we are going to look at how the ROLLUP and CUBE extensions available in SQL can be used to create query result sets that have more than one dimension to them. Both of these extensions are used in conjunction with the GROUP BY clause and allow for a much broader look at the data. To record your work for this lab use the lab report found at the end of this document. As in your previous labs, you will need to copy/paste your SQL statements and results into this document. Upon completion and prior to the due date, submit this document to the appropriate Dropbox. iLAB STEPS STEP 1: Setting Up For this lab you will be using a different user and set of tables than you have used so far for other labs. To set up your instance you will need to do the following. The first thing you will do for this lab is to run the following SQL Script. Begin by creating the DBM449Lab6 Schema, and creating...
Words: 3288 - Pages: 14
...principles to fully utilize the organizational role of information technology. This course provides core skills of data management for the relational database management systems. This course will review the theoretical concepts and applications of a modern relational database management system. In addition to a basic theoretical presentation of the database design concepts, students will be required to design and develop a database application using a modern fourth generation language system. This course teaches students data modeling and design techniques and how to transform data models into database designs. Another basic component of this course is the use of SQL – Structured Query Language. Students will also learn how to create databases, modify databases, and develop queries using SQL. In addition, this course also teaches the management of database resources in an organization. Course Learning...
Words: 1374 - Pages: 6
...Assessment Worksheet 97 LAB #7 – ASSESSMENT WORKSHEET Perform a Website and Database Attack by Exploiting Identified Vulnerabilities Course Name and Number: MNE 310 Student Name: Carl Sizemore Instructor Name: Williams Lab Due Date: 8/10/2014 Overview In this lab, you verified and performed a cross-site scripting (XSS) exploit and an SQL injection attack on the test bed Web application and Web server using the Damn Vulnerable Web Application (DVWA) found on the TargetUbuntu01 Linux VM server. You first identified the IP target host, identified known vulnerabilities and exploits, and then attacked the Web application and Web server using XSS and an SQL injection to exploit the Web application using a Web browser and some simple command strings. Lab Assessment Questions & Answers 1. Why is it critical to perform a penetration test on a Web application and a Web server prior to production 7 Perform a Website and Database Attack by Exploiting Identified Vulnerabilities implementation? Penetration testing highlights what a real-world hacker might see if he or she targeted the given organization. The Penetraton test will give a security view in operational context and potential flaws can be discovered so that managment can make decisions about whether to allocated security resources to fix any discover problems. 2. What is a cross-site scripting attack? Explain in your own words. Cross-site scripting enables attackers to inject client-side...
Words: 491 - Pages: 2
...CIS 611: ENTERPRISE DATABASE SYSTEMS AND WAREHOUSING LAB ASSIGNMENT-2 NAME: KESHAV YERRA CSU ID: 2670843 Simulating a Simple Query Processor that evaluates a SQL Query in SelectFrom-Where Specification: This Simple Query Processor is created in order to read an input file and perform the necessary operations specified in that file and obtain the output. As this is a Simple Query Processor we can access only EMPLOYEE and DEPARTMENT tables because the classes are predefined by the user. JDBC/ODBC call is used to fetch the data of tables from SQL Server and the code is written in JAVA. We are using the tables which are created in Lab Assignment 1 in the COMPANY Database. Design & Implementation: First we need to create an input file which contains the execution steps. I have created an input file as “inputfile.txt” which contains the following text: Selection EMPLOYEE DNO=5 EMPS_DNO5 Join EMPS_DNO5 DEPARTMENT DNO=DNUMBER EMP_DEPT_DNO5 Projection EMP_DEPT_DNO5 Fname, Lname, SSN, Dno, Dname EMP_DEPT_ MGR_DEPENDENT Here there are three important cases which are: Selection Join Projection The main aim...
Words: 767 - Pages: 4
...Jaye Weinberg Lab # 4 Assessment Worksheet 1. What is a PHP Remote File Include (RFI) attack, and why are these prevalent in today's Internet world? RFI stands for Remote File Inclusion that allows the attacker to upload a custom coded/malicious file on a website or server using a script. This vulnerability exploits the poor validation checks in websites and can eventually lead to code execution on server or code execution on website (XSS attack using javascript). RFI is a common vulnerability and all website hacking is not entirely focused on SQL injection. Using RFI you can deface the websites, get access to the server and do almost anything. What makes it more dangerous is that you only need to have your common sense and basic knowledge of PHP to execute this one. 2. What country is the top host of SQL Injection and SQL Slammer infections? Why can't the US Government do anything to prevent these injection attacks and infections? The U.S. is the top host of SQL Injection and SQL Slammer infections. Cybercriminals have made vast improvements to their infrastructure over the last few years. Its expansion is thousands of websites vulnerable to SQL Injections. Malicious code writers have exploited these vulnerabilities to distribute malware so quick that the government cannot contain such a large quantity. 3. What does it mean to have a policy of Nondisclosure in an organization? It is a contract where the parties agree not to disclose information covered by the agreement...
Words: 319 - Pages: 2
...DD1334 Databasteknik Laboration 1: SQL Basics Andreas Gustafsson, Hedvig Kjellström, Michael Minock and John Folkesson The purpose of Laboration 1 is to learn how to retrieve rmation stored in relational databases. You will learn 1) how to formulate SQL queries and understand how they apply to the schema and how they are executed; 2) how constraints effect insertions and deletions; 3) about the basics of view, transactions, indices and triggers. The recommended reading for Laboration 1 is that of Lectures 1-7 , particularly Chap 6-8. Laboration Come prepared to the review session! Only one try is allowed – if you fail, you are not allowed to try again until the next lab session. The review will take 10 minutes or less, so have all papers in order. To pass you should have Completed Task 1 with at least 9 of the 10 queries right, completed Task 2 and able to explain why certain actions give errors and other do not, also 8 of the 9 steps should be documented showing you executed them correctly, Task 3 the output file should show that the trigger works as it should. The grade is A if passed when the review when due. See the Lab Grading page in bilda contents for the due dates for the labs and the grading of late assignments. Laboration 1 is intended to take 30h to complete. Computing Environment In this assignment you will use Nestor 2.0. Nestor is KTH’s logic engine (computer) dedicated to hold the databases used in this and other similar courses. Nestor is aptly named after...
Words: 2303 - Pages: 10
...CIS 336 Entire Course For more classes visit www.snaptutorial.com CIS 336 Entire Course: Devry University --------------------------------------------------------------------- CIS 336 Week 1 iLab 1 Devry University For more classes visit www.snaptutorial.com L A B O V E R V I E W Scenario/Summary This lab will introduce you to the processes involved in defining one of the key components of a data model; the relationship diagram (RD). In this lab, you will draw a relationship diagram for two of the steps shown. Keep in mind when you are trying to decide which side of the relationship should be the "one" side and which should be the "many" that you must first decide which side has the primary key, or unique identifier. Once you have decided the primary key of the relationship, you have identified the "one" side of the relationship. Note that for an RD, the foreign key "many" side of the relationship points to the primary key "one" side. The "one" side should have the arrowhead point of the connecting line. This is different than an entity/relationship diagram (ERD) that we will draw next week, where the "many" side has crow's feet. This will familiarize you with how to set up MS Visio to draw database diagrams. Steps 1 - 3 below use the Customer, Order, and Employee tables of a simplified Order Entry database. The Customer table records clients who have placed orders. The Order table contains the basic facts about customer orders. The Employee table contains facts...
Words: 3439 - Pages: 14
