Passively detect attempts to guess passwords

Review the error log for possible brute force or dictionary attacks on your SQL Server instance.

Loginless In Seattle

Identify orphaned Database Users and differentiate them from "Loginless" Database Users.

Change DB Owner to sa for multiple DB's

Changes DB owner to sa for Online DB's where owner is not sa

Algorithm Secrecy is not Security

This week Steve Jones talks encryption and why you shouldn't be implementing anything you've invented.

Stored Procedures and SQL Injection

Why do stored procedures help with security? In this piece, MVP Brian Kelley explains why SQL Injection and information gathering are hampered with stored procedures.

Security Change Snapshot

This script gives a server level snapshot of recent security changes

Protecting the SQL Server Backup folder

I want to backup my SQL Server databases to a folder, but I want to minimize who has access to the folder. In other words, I want to make sure that members of the Windows Local Administrators group don't get to the backups without intentionally trying to bypass the security. How do I do that?

Issues Determining an Individual SQL Server User's Permissions

Recently I was supporting a third party application. It queries to determine what tables it has permissions to before it proceeds with the rest of its functionality. We had implemented permissions based on the best practice of creating roles, assigning the permissions to the roles, and then making the users members of the roles. The application was querying INFORMATION_SCHEMA.TABLE_PRIVILEGES and of course didn't find any permissions directly against the user in question. We ended up granting explicit permissions to the user so the application would work, but I'm more interested in the general case. How can I determine permissions for an individual user?

Master Keys

The User Defined Server Roles in SQL Server 2012

This article describes how to create user defined server roles and use stored procedures and queries related.