About

This site was created (July, 1999) out of my frustration at the lack of discussion on the topic and its importance in enterprise security. It seems there is plenty of talk about NT security and IIS but very little on the application services front. I also became frustrated at the lack of security checklists that seem everywhere for securing about every other aspect of NT.

My efforts for this site began after publishing some articles to Microsoft Certified Professional Magazine concerning SQL Server and then focusing on the security issues I kept running into day after day. Since then, I have written for several other periodicals such as SQL Server Magazine and Dr. Dobb's Journal as well as co-authored several books on the subject. I hope you find the materials and information useful in your own security efforts.

I can't count the times I have seen shops that spend hundreds of thousands of dollars on security software and hardware and then leave a SQL Server lying around unsecured. Dumb. Let's end it.

This site is in no way affiliated with Microsoft, nor does it promote any Microsoft products or philosophies, but I use SQL Server daily and find it to be a capable and powerful tool for providing business solutions. Because of this, it should be as secure as possible. Protect yourselves and your customers.

- Chip Andrews

(c h i p @ s q l s e c u r i t y . c o m)

Also a special thanks to the following contributors:

Ken Klaft (For helping to track SQL Server versions)

Cody Benson for the awesome logo and design help

Black Hat Presentations
Black Hat 2001 - SQL Server Security
Black Hat 2002 - More Techniques
Black Hat 2003 - Attack and Defense

My Publications
TechTarget - Patching SQL Servers - Part 1
TechTarget - Patching SQL Servers - Part 2
SQL Server Security - Osborne Press
Special Ops Security - Syngress Publishing
Globalized Web Applications and ASP.NET
MCP Magazine Article
SQL Server Magazine : Secure SQL Server Applications
Hacking Exposed : Windows 2000 - Chapter 11 
Black Hat 2001 presentations
Black Hat 2001 Presentation summaries PPTs and tools

Press
03-15-06 Computerworld Interview on SQL 2005 SP1
01-24-04 SearchSecurity.com - Slammer Revisited
01-27-03 SearchSecurity.com - Slammer Worm
01-29-03 CNET - Slammer may not feed on Microsoft
02-03-03 ComputerWorld - Unprepared Firms Slammed
02-05-03 Slashdot - Interview with Kevin Mitnick









