This site was created (July, 1999) out of my frustration at the lack of discussion on the topic and its importance in enterprise security. It seems there is plenty of talk about NT security and IIS but very little on the application services front. I also became frustrated at the lack of security checklists that seem everywhere for securing about every other aspect of NT.
My efforts for this site began after publishing some articles in Microsoft Certified Professional Magazine concerning SQL Server and then focusing on the security issues I kept running into day after day. Since then, I have written for several other periodicals such as SQL Server Magazine and Dr. Dobb's Journal, and have co-authored several books on the subject. I hope you find the materials and information useful in your own security efforts.
I can't count the times I have seen shops that spend hundreds of thousands of dollars on security software and hardware and then leave a SQL Server lying around unsecured. Dumb. Let's end it.
This site is in no way affiliated with Microsoft, nor does it promote any Microsoft products or philosophies, but I use SQL Server daily and find it to be a capable and powerful tool for providing business solutions. Because of this, it should be as secure as possible. Protect yourselves and your customers.
- Chip Andrews
(c h i p @ s q l s e c u r i t y . c o m)
Also a special thanks to the following contributors:
Ken Klaft (For helping to track SQL Server versions)
Cody Benson for the awesome logo and design help
Black Hat Presentations