Changing the Schema

Secure Communications

Secure Cached Plans

Cross-database ownership chaining in SQL Server: security risks, behavior, and privilege escalation

A dangerous privilege-escalation path exists in SQL Server when cross-database ownership chaining, system database defaults, and overly permissive permissions are combined.

Why disabling the SQL Server sa account still matters in 2026

Every few years, someone asks a familiar question: do we really still need to disable the sa account in SQL Server? After all, it’s 2026. SQL Server has better encryption, better auditing, better defaults, and more security features than ever before. Surely this old guidance belongs in the past?

Guarding Against SQL Injection at the Database Layer (SQL Server)

This article presents a way to check and validate input before using it in your dynamic SQL queries to prevent SQL Injection problems.

Microsoft Security Changes and SQL Server

Windows is changing its security, which will affect SQL Server.

Exploiting SQL Server Date Correlation Optimization: How Tampered Backups Enable Cross-Database Data Leaks

This article is a follow-up to SQL Server DBaaS Vulnerability: Decrypting System Code & Exfiltrating User Data, in which we saw some vulnerabilities that affected pretty much all DBaaS offerings available in the cloud. Now, we’ll look at another vulnerability that once again affects every major cloud vendor.

SQL Server Privilege Escalation via Replication Jobs

Learn how attackers can exploit SQL Server replication cleanup jobs to escalate privileges from db_owner to sysadmin

Which Result II