Common SQL Server Security Mistakes
In my presentation, Common SQL Server Security Mistakes (link), I mentioned a number of different resources for additional learning.
Here they are (and I may update these over time).
Core SQL Server Security / Background
43% of companies surveyed in 2009 had lost data to hackers
The Seven Steps to Successful SQL Server Auditing
David Penton’s Not-so Dynamic Sql (SQL Injection)
SQL Server 2005 Security Best Practices - Operation and Administrative Tasks
Process Monitor (great for troubleshooting when de-privileging service accounts)
SQL Server Credentials and Proxies
I also have a script available which you can use to create an sp_execproc database role, which is a great option for forcing applications to only use sprocs for additional security/lockdown. Eventually I’ll provide a blog post on how to use that (and how to address some of the limitations). But if you’d like that script, just ping me at mike at overachiever.net.