This site is dedicated to those who are serious about security - specifically, Microsoft SQL Server security. Whatever your feelings about Microsoft, the bottom line is that these servers are showing up everywhere and it's time we learned how to properly secure them. At this site we do just that. We find problems, post solutions, and get the word out. If anyone tells you that security ends with the OS, they are dead wrong. Many times, excellent network and host-based security has been bypassed, exposing the very heart of the enterprise, all because of poor SQL Server configuration.

"There is no 'patch' for stupidity."

Recent Blog Entries

  • Veracode reports 32% of sites subject to SQL Injection
    Checking my calendar - yep - almost 2012 and we still have 32% of sites with SQL injection vulnerabilities? Wow. Anyway - good reading and should give any security consultants out there hope for future business opportunities.
    Posted Dec 9, 2011 12:24 PM by Chip Andrews
  • The Mole - a cross-platform SQL Injection testing tool
    If you've ever wanted to play around with a SQL injection testing tool written in Python, you are in luck. SourceForge has a project called "The Mole" which can be used to test for SQL injection vulnerabilities on multiple platforms. Give it a look! http://www.darknet.org.uk/2011/12/the-mole-automatic-sql-injection-sqli-exploitation-tool/
    Posted Dec 9, 2011 12:24 PM by Chip Andrews
  • SQL Azure Security
    If you have an interest in using a "SQL Server in the cloud" as a way to absolve yourself from worrying about SQL Server security - please remember to check the security documentation here first. As always - your security mileage may vary and you will still be dealing with security challenges. However, for the record, I am a firm believer in cloud solutions in most instances. There are very few people who can do security better than most vetted cloud providers. Let them do the grunt work while you focus on business - and securing your application!
    Posted Nov 28, 2011 8:07 PM by Chip Andrews
  • SQLSecurity site redesigned
    The site has been streamlined and is now hosted on Google Sites.  Hopefully this should increase performance and uptime.  Please let me know if you experience any issues with the migration.
    Posted Aug 8, 2011 5:08 PM by Chip Andrews