About

This site was created (July, 1999) out of my frustration at the lack of discussion on the topic and its importance in enterprise security. It seems there is plenty of talk about NT security and IIS but very little on the application services front. I also became frustrated at the lack of security checklists that seem everywhere for securing about every other aspect of NT.

My efforts for this site began after publishing some articles to Microsoft Certified Professional Magazine concerning SQL Server and then focusing on the security issues I kept running into day after day. Since then, I have written for several other periodicals such as SQL Server Magazine and Dr. Dobbs journal as well as co-authored several books on the subject. I hope you find the materials and information useful in your own security efforts.

I can't count the times I have seen shops that spend hundreds of thousands of dollars on security software and hardware and then leave a SQL Server lying around unsecured. Dumb. Let's end it.

This site in no way affiliated with Microsoft nor does it promote any Microsoft products or philosophies but I use SQL Server daily and find it to be a capable and powerful tool for providing business solutions. Because of this, it should be as secure as possible. Protect yourselves and your customers.

- Chip Andrews

Black Hat 2001 - SQL Server Security

Black Hat 2002 - More Techniques

Black Hat 2003 - Attack and Defense

My Publications

TechTarget - Patching SQL Servers - Part 1

TechTarget - Patching SQL Servers - Part 2

SQL Server Security - Osborne Press

Special Ops Security - Syngress Publishing

Globalized Web Applications and ASP.NET

MCP Magazine Article

SQL Server Magazine : Secure SQL Server Applications