Common SQL Server Security Mistakes
In my Presentation: Common SQL Server Security Mistakes (link), I mentioned a number of different resources for additional learning.
Here they are (and I may update these over time).
Core SQL Server Security / Background
43% of companies surveyed in 2009 had lost data to hackers
I also have a script available which you can use to create an sp_execproc database role which is a great option for forcing applications to only use sprocs for additional security/lockdown. Eventually I’ll provide a blog post on how to use that (and how to address some of the limitations). But if you’d like that script, just ping me at mike at overachiever.net.