Common SQL Server Security Mistakes
In my presentation, Common SQL Server Security Mistakes (link), I mentioned a number of different resources for additional learning.
Here they are (and I may update these over time).
Core SQL Server Security / Background
43% of companies surveyed in 2009 had lost data to hackers
Repudiation
The Seven Steps to Successful SQL Server Auditing
Escalation
David Penton’s Not-so Dynamic Sql (SQL Injection)
Least Privilege
SQL Server 2005 Security Best Practices - Operation and Administrative Tasks
Process Monitor (great for troubleshooting when de-privileging service accounts)
SQL Server Credentials and Proxies
I also have a script available that you can use to create an sp_execproc database role, which is a great option for forcing applications to only use sprocs for additional security/lockdown. Eventually I’ll provide a blog post on how to use that (and how to address some of the limitations). But if you’d like that script, just ping me at mike at overachiever.net.