Generates TSQL scripts to move logins and permissions from one server to another. Moves either a single log-in or group of logins. Generates permissions on a single database or across all databases. Provides a simple view of logins and permissions.
 read more ...

Idera's SQL compliance manager provides a powerful auditing and compliance solution for Microsoft SQL Server users. SQL compliance manager provides: low overhead data collection, a central repository of audit data, a central management console, pre-defined compliance reports, an auditors console for ad-hoc queries, reporting and forensic analysis, and efficient, secure data archival. read more ...

In addition to auditing data access, Entegra can also audit DML changes, and can audit and alert on DDL changes. And it does this without triggers. Entegra doesn't establish policies, but rather can confirm that policies are working - or indicate that changes are in order. read more ...

Audits data modifications within SQL Server using stored procedures and triggers. read more ...

GFI LANguard Network Security Scanner audits network security and provides service pack & hot fix level, hostname, shares, logged on user name etc. for each network machine. It also does OS detection, password strength testing, detects registry issues and more. Allows you to remotely install security patches and service packs. Free for non-commercial use. read more ...

Excellent tool for discovering and patching SQL server instances. Of course, it all does operating system patches and as well Exchange. Check the site for a complete list of supported products. read more ...

Service Pack Manager 2000 claims existing support for SQL Server 7 and 2000 as well as Windows NT/2000 Exchange, ISA Server, and Outlook. Be wary about lack of multiple instance support. read more ...

Promises SQL Server patch managment but it is not clear whether multiple instances are support or if they can be applied remotely. The documentation claims SQL Server can only be scanned if the product is installed locally. read more ...

Free code generator from Microsoft. Can yield secure data objects through automated generation of best practices code. Also generates simple user interface code as well as stored procedures. read more ...

Code Generator that supports ASP, ASP.NET, PHP, Perl, JSP, ColdFusion code and works with most any RDBMS system. A good choice for new programmers learning to code or experienced developers who want to write CRUD (Create/Read/Update/Delete) applications quickly and securely. Generated code contains consistent input validation and data scrubbing. read more ...

Utility to crack SQL Server passwords. Can be used to audit for weak passwords. read more ...

Provides advanced authentication products for SQL Server including a two-factor authentication mechanism called Enzo. read more ...

Scuba by Imperva is a free, lightweight Java utility that scans Oracle,
DB2, MS-SQL, and Sybase databases for known vulnerabilities and
configuration flaws. Based on its assessment results, Scuba creates
clear, informative reports with detailed test descriptions. Summary
reports, available in Java and HTML format, illustrate overall risk
level. With Scuba by Imperva, you are quickly on your way to meeting
industry-leading best practices for database configuration and
management.
 read more ...

With WebInspect, auditors, compliance officers, and security experts can perform security assessments on Web applications and Web services. read more ...

Absinthe is a gui-based tool that automates the process of downloading the schema & contents of a database that is vulnerable to Blind SQL Injection. Absinthe does not aid in the discovery of SQL Injection holes. This tool will only speed up the process of data recovery. read more ...

Burp suite is an integrated platform for attacking web applications. It contains major upgrades of all the burp tools, with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. Interesting but the free version is limited. read more ...

Paros proxy is capable of scanning applications for a multitude of security vulnerabilities including SQL Injection. Highly recommended. read more ...

NTOSpider is the first next-generation web application vulnerability scanner, providing automated vulnerability assessment with unprecedented accuracy and comprehensiveness. Able to quickly scan and analyze large complex web sites/applications, NTOSpider identifies application vulnerabilities as well as site exposure risk, ranks threat priority, produces highly graphical, intuitive HTML reports, and indicates site security posture by vulnerabilities and threat exposure. read more ...

Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix WVS 2 crawls an entire website, launches popular web attacks (SQL Injection, Cross Site scripting etc.) and identifies vulnerabilities that need to be fixed. read more ...

Tool to inspect a SQL Server installation and compare its configurating against Microsoft's security recommendations. read more ...

Microsoft's free security analysis tool scans for OS level patches as well as IIS and SQL Server patches and configuration errors. read more ...

SQL Server scanner with script generator to create lockdown (and un-lockdown) scripts based on current configuration. read more ...

Scan for SQL Server vulnerabilities. Perform Audits. Check permissions. Includes scheduled scans, online updates, and SQL Server instance scanning. read more ...

SQL Server scanner that probes for vulnerabilities and produces reports. read more ...

Can be used to audit for security policy compliance of SQL Servers and operating systems. read more ...

DataSecure claims to automate much of the configuration and implementation process and it can now be deployed with complete application transparency—meaning applications don’t need to be altered to accommodate the changes dictated by encryption. read more ...

SQL Shield improves the internal encryption of the MSSQL Server for T-SQL Code. SQL Shield protects stored procedures, triggers, functions and views from being decrypted by any existing decryptors. All encrypted code remains executable. read more ...

A Driver technoloy which allows a plug-and-lay encryption of SQL data without rewriting code. SafeJDBC automatically encrypts and decrypts the data on the fly, while using the existing application code. SafeJDBC Version 1.01 works with Windows NT/2000 Java applications accessing Microsoft SQL Server databases. (The pure ODBC version is still in development).  read more ...

XP_CRYPT - Easy-to-use, affordable, and effective security solution for encrypting column and row data in MSSQL Server and Oracle .  read more ...

Ecatenate dbLockdown 1.0 is a database tool to protect SQL Server and MSDE databases. The tool encrypts stored procedures, triggers, user defined functions and views. Database scripts encrypted are automatically archived and can be restored at any time. dbLockdown uses SQL Server's native encryption and therefore does not compromise the functionality of database scripts. Free evaluation available.  read more ...

Offers file-level and column-level database encryption.  read more ...

Actually, this product can enforce encryption, advanced auditing, role-based access, and more granular authorization than the nation SQL Server offerings. Worth a look if you have very strict database security requirements. read more ...

Encrypt field-level data within SQL Server.  read more ...

Encrypted and compressed SQL Server Backups. read more ...

RATS, the Rough Auditing Tool for Security, is a security auditing utility for C and C++ code. RATS scans source code, finding potentially dangerous function calls. The goal of this project is not to definitively find bugs (yet). The current goal is to provide a reasonable starting point for performing manual security audits. read more ...

Free tool from Microsoft to scan source code for flaws including security vulnerabilities. read more ...

Idera’s SQLsafe Freeware Edition is a SQL Server database backup and recovery tool. SQLsafe Freeware Edition gives you a really high-performance backup and recovery engine, a scriptable interface (command line and XSP) and the ability to backup and compress any size and any number of databases, all for free. read more ...