A very interesting feature was recently added to SQL Server Management Studio 17.4 (SSMS): The new SQL Vulnerability Assessment.
What is it?
SQL Vulnerability Assessment, or VA, is a lightweight, easy-to-use tool that identifies potential security vulnerabilities and helps remediate them. Its rules are based on Microsoft's best practices.
The report runs at the database level.
VA is included in SSMS 17.4 and works with SQL Server 2012 and later.
- From Management Studio, connect to the SQL Server database instance.
- Right click on the database to analyze and select Tasks > Vulnerability Assessment > Scan for vulnerabilities...
- Select the path to store the report and click OK.
- After a moment, the report is shown.
You can now see all the vulnerabilities encountered with a brief explanation and a suggested fix for each one:
[Screenshots: Failed rules, Passed rules]
You can also approve results to be marked as passed using the approve as baseline option, so the next time you run a scan the rule is marked as passed:
Just select the rule to mark as approved:
A warning will now pop up:
Next time you run a scan, the rule is marked as passed: