Security Basics: Understanding the Surface Area
When it comes to securing a system, it's important to understand how it might be attacked. That's what surface area...
2009-06-01
1,324 reads
Brian Kelley
- Interests: Chess, Reading, Soccer (Football), Baseball, Animals, Theology
Security Basics: Applying the Principle of Least Privilege Properly
Whenever I do a security presentation, I make sure to cover the Principle of Least Privilege. And when I do...
2009-05-29
3,155 reads
Why I Say Something about Running as Administrator
On a couple of recent webcasts, I pointed out the folks were running with the local Administrator account. To start...
2009-05-28
2,159 reads
Catalog view: sys.tcp_endpoints
I was playing around with the endpoint catalog views this afternoon just looking at ways to do poor man's configuration...
2009-05-27
2,826 reads
Speaking at Augusta Developer's Guild
Tomorrow night, May 28th, I'll be speaking the Augusta Developer's Guild. This is a make-up from earlier in the year...
2009-05-27
1,380 reads
SQL Injection - Why I Don't Think Parameterization is Enough
One of the main defenses touted against SQL injection attacks is to use proper parameterization at the application layer. But while this gets most of the cases, there are clearly examples where this alone fails. For instance, consider the stored procedure...
2009-05-20
3,948 reads
Sick? Stay home!
Yesterday I did something I wouldn't have thought of doing a year ago: I stayed home. When I woke up,...
2009-05-19
844 reads
SQL Injection - Why I Don't Think Parameterization is Enough
Note:Since there have been several comments on this, I'm using parameterization at the application layer in the security sense of...
2009-05-15
2,706 reads
Rant: Is It an Effective Control or Not?
This is spurred on by a comment a pen tester made. He was referring to a particular technology and said something to the effect of, "What do you expect? It's 30 year-old technology." I was stunned when the comment was relayed to me. My response...
2009-05-13
2,363 reads
Rant: Is It an Effective Control or Not?
This is spurred on by a comment a pen tester made. He was referring to a particular technology and said...
2009-05-05
1,248 reads
Blogs
“We love to debate minutiae”
By Brian Kelley
I am guilty as charged. The quote was in reference to how people argue...
Advice I Like: Knots
By Steve Jones
Learn how to tie a bowline knot. Practice in the dark. With one hand....
Shifting Mindsets: Why FinOps is Essential for Cloud Efficiency
By HeyMo0sh
As a DevOps practitioner, I’ve always focused on performance, scalability, and automation. But as...
Forums
how to write this query?
Hi everyone I asked this earlier but the desired outcome is a bit different...
Windows logins for users migrated from DomainA to DomainB
Hi, I have a SQL Server instance where users connect to via Windows Authentication,...
Multiple Deployment Processes
Comments posted to this topic are about the item Multiple Deployment Processes
Question of the Day
Upgrading Admin Queries
I have a query from a former DBA that we run on SQL Server 2025 to check on database metadata. This query references sys.sysaltfiles. I want to refactor this code to be more modern. Which DMV should I reference instead?
See possible answers