Edwin M SarmientoSQL Server Security – Edwin M Sarmiento

Two SQL Server Webcasts from MSSQLTips.com

Edwin M Sarmiento — Thu, 24 Jul 2014 14:46:54 +0000

I’ve done two SQL Server webcasts for my friends at MSSQLTips.com. One is regarding security best practices for deploying SQL Server databases in the cloud. As more and more customers are thinking of deploying databases in the cloud, security is one of their main concerns. In the webcast, I talked about principles and concepts on securing databases in the cloud. You can check out the recording from the MSSQLTips.com website.

The second one is about networking best practices for SQL Server high availability and disaster recovery. The premise of the webcast is that SQL Server DBAs are now dependent on the things that they have no control over. Knowing what SQL Server depends on for high availability and disaster recovery enabled SBAs to be better prepared to communicate with the other teams to meet their overall objectives. You can check out the recording from the MSSQLTips.com website.

>Microsoft Source Code Analyzer for SQL Injection

Edwin M Sarmiento — Tue, 15 Jul 2008 07:40:00 +0000

>With the recent mass SQL injection attacks, Microsoft has developed a new static code analysis tool for finding SQL Injection vulnerabilities in ASP code. Web developers can run the tool on their ASP source code to identify the root cause of the attack and address them to reduce their exposure to future attacks. You can download the tool from the Microsoft Download Center and use it on your own infrastructure to test. If you find any bug or what not, just go to this site to report it.

Now, this doesn’t mean only web applications are prone to SQL injection attacks. Even Windows-based applications are so make sure you check them as well.

>So, you think your secured, patched and updated servers are secure?

Edwin M Sarmiento — Mon, 02 Jun 2008 04:15:00 +0000

>So, we patch our servers, subject them to numerous security scans, implement security best practices and expect them to be secured? That’s ridiculous.

I have been trying to convince developers how a functional application can be vulnerable if they do not implement security best practices in writing codes. I come from a developer background as well and with tight and unreasonable deadlines, developers are only concerned with functionality and nothing more. But with the increasing incidents of websites being defaced because of SQL injection attacks, there’s no doubt that as long as applications are running on servers, there will always be security vulnerabilities. SQL injections attacks are no respecter of platforms nor database engines. So better have a look at your application codes.

A Microsoft blog post on SQL injection attack is available here.