SQL Server vulnerabilities and assessment

SQL Server has many features to keep the database secure, but you must implement them to benefit. In this article, Priyanka Chouhan describes how to do a vulnerability assessment of SQL Server.

Project Zero for Better Security

Project Zero from Google aims to study zero day vulnerabilities. Steve hopes it leads to better security.

Creating Azure SQL Databases

Advanced Incident Response

Having a known and documented incident response plan is important these days, as more and more companies are having security incidents.

Would You Want to be on the Red Team?

A red team might be a fun job for some, but not for Steve.

The Level of Security These Days

How comfortable are you with your password security? Today Steve asks given some data on the various times it takes to crack passwords.

Can We Please Stop Sending Passwords Over the Wire?

While analyzing SQL Server's network protocol, I came across a weird fact: when a database client logs in using SQL Server authentication (as opposed to Windows authentication), it has to send the user's password to the server, in blatant violation of common security guidelines. At first, I couldn't believe it; SQL Server generally does an […]

A Real World Security Reminder

A reminder today that security in the physical world can affect the digital world.

Teams Security Issues

There are a few security issues in the Teams application from Microsoft, and Steve notes that some of the push for new features can be a problem in this area.

Query control made easy

Overview As we all know, data security is a never-ending battle. Every day, we hear of new data breaches. It's a hard problem, and there is no single solution, other than a defense in depth. Let's look at one of those defenses for databases: query control. Query control is a simple idea: most applications access […]