1) Create User WebUser
2) Make it db_Owner for the application database
3) Execute below SQL statements
use [master]
GO
DENY SELECT ON [INFORMATION_SCHEMA].[TABLES] TO [Public]
DENY SELECT ON [INFORMATION_SCHEMA].[COLUMNS] TO [Public]
DENY SELECT ON [INFORMATION_SCHEMA].[VIEW_COLUMN_USAGE] TO [Public]
DENY SELECT ON [INFORMATION_SCHEMA].[CONSTRAINT_COLUMN_USAGE] TO [Public]
DENY SELECT ON [INFORMATION_SCHEMA].[COLUMN_PRIVILEGES] TO [Public]
GO
Use [SQLInjection]
GO
DENY SELECT ON [sys].[columns] TO [test]
DENY SELECT ON [sys].[tables] TO [test]
DENY SELECT ON [sys].[syscolumns] TO [test]
DENY SELECT ON [sys].[sysobjects] TO [test]
DENY SELECT ON [sys].[objects] TO [test]
DENY SELECT ON [sys].[syscomments] TO [test]
GO
