How to prevent SQL Injections

SQL injection is one of the top three most common web hacking techniques and one of the most dangerous software weaknesses worldwide, so it is vital that your organization understands its implications and takes appropriate action to address it immediately. It was listed as number three in the Common Weakness Enumeration (CWE) Top 25 in both 2022 and 2023, and in the Open […]

Choosing the right encryption feature for SQL Server

Encryption is the process of encoding information so that data is protected from unauthorized access in different scenarios. SQL Server and Azure SQL Database offer many different encryption technologies. This post walks through these features to help you decide which technology to choose, and how to combine them to provide a layered security approach. SSL Transport Encryption SQL Database, […]

How to encrypt drives on a live SQL Server with AlwaysOn

To encrypt drives on a live AlwaysOn deployment, I would suggest these steps:
– Do the encryption during low-usage hours.
– Encrypt drives on the SECONDARY replica first, without taking AlwaysOn offline.
– Do one drive at a time.
– Give the I/O a bit of time to catch up. I'd wait […]

Azure SQL and Security best practices

Microsoft is grouping all the options for running SQL on the Azure platform into one portfolio: a family of managed products that makes it easier to compare them and choose the best fit for your needs. Cloud computing requires new security paradigms that are unfamiliar to many application users, database administrators, and programmers. When it comes to Azure SQL security, […]

Why should you care about users with elevated permissions in SQL Server?

The security model offered by Microsoft SQL Server is highly configurable and very robust when all security best practices are followed. Why should you care about it? The least-privileged user account (LUA) approach is an essential part of a defense-in-depth strategy for countering security threats: every login that holds more rights than its job requires is a ready-made foothold for whoever compromises it. By the way, this check is a part of […]
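As an added example (not code from the original post), the kind of check the paragraph alludes to can be written directly against the SQL Server catalog views. The queries below are mine, not the page's; they assume only the standard sys.server_principals, sys.server_role_members, sys.server_permissions, sys.database_principals and sys.database_role_members views, and they go one step beyond a plain sysadmin listing by also catching direct CONTROL SERVER grants and db_owner membership.

```sql
-- Added example (not from the original post): enumerate principals that hold
-- elevated rights, starting with the ones that bypass permission checks entirely.

-- 1. Members of fixed server roles, sysadmin first.
--    Anyone in sysadmin can do anything on the instance, regardless of
--    whatever else has been granted or denied.
SELECT r.name        AS role_name,
       m.name        AS member_name,
       m.type_desc   AS member_type,
       m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.type = 'R'   -- server roles only
ORDER BY CASE WHEN r.name = N'sysadmin' THEN 0 ELSE 1 END, r.name, m.name;

-- 2. Logins granted CONTROL SERVER directly. This is not role membership, so a
--    sysadmin-only check misses it, yet it is functionally equivalent.
SELECT p.name, p.type_desc, sp.permission_name, sp.state_desc
FROM sys.server_permissions AS sp
JOIN sys.server_principals  AS p ON p.principal_id = sp.grantee_principal_id
WHERE sp.permission_name = N'CONTROL SERVER'
  AND sp.state IN ('G', 'W');   -- GRANT and GRANT WITH GRANT OPTION

-- 3. db_owner members in the current database. Run it per database, or wrap
--    it in a cursor over sys.databases to cover the whole instance.
SELECT DB_NAME()     AS database_name,
       r.name        AS role_name,
       m.name        AS member_name,
       m.type_desc   AS member_type
FROM sys.database_role_members AS rm
JOIN sys.database_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'db_owner'
ORDER BY m.name;
```

Review the output together with the application owners: a login that shows up in the first two result sets but only runs reports or a single application should be moved to a database role that carries exactly the rights it needs, and disabled logins that still hold sysadmin are worth dropping rather than leaving around.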

Little bobby tables and SQL injection?

SQL injection is a technique in which attackers insert malicious SQL into string fields of an application (web or not) that are later passed to an instance of SQL Server for parsing and execution. Attackers can use it to gain unauthorized access to sensitive data such as customer information, personal data, business secrets, and more. Most times, he […]
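As an added example (not code from the original post, and serving both this excerpt and the "How to prevent SQL Injections" one above), here is the mechanism described above in T-SQL: a stored procedure that concatenates its input into dynamic SQL and hands it to the parser, next to the same lookup rewritten with sp_executesql parameters. The table and procedure names (dbo.Customers, dbo.FindCustomer_Vulnerable, dbo.FindCustomer_Safe) and the sample rows are hypothetical.

```sql
-- Added example (not from the original post). Table, rows and procedure
-- names are constructed for illustration.
CREATE TABLE dbo.Customers (
    CustomerId INT IDENTITY(1,1) PRIMARY KEY,
    Name       NVARCHAR(100) NOT NULL,
    Email      NVARCHAR(200) NOT NULL
);
INSERT INTO dbo.Customers (Name, Email) VALUES
    (N'Alice', N'alice@example.com'),
    (N'Bob',   N'bob@example.com');
GO

-- Vulnerable: the caller's input is pasted into the statement text, so the
-- parser treats whatever was typed as SQL.
CREATE PROCEDURE dbo.FindCustomer_Vulnerable @Name NVARCHAR(100)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT CustomerId, Name, Email FROM dbo.Customers WHERE Name = '''
        + @Name + N'''';
    EXEC (@sql);
END;
GO

-- Hardened: the statement text is fixed; the input travels as a typed
-- parameter and is never parsed as SQL, no matter what it contains.
CREATE PROCEDURE dbo.FindCustomer_Safe @Name NVARCHAR(100)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT CustomerId, Name, Email FROM dbo.Customers WHERE Name = @p';
    EXEC sys.sp_executesql @sql, N'@p NVARCHAR(100)', @p = @Name;
END;
GO

-- A classic payload closes the string literal and appends its own condition,
-- turning the WHERE clause into  Name = '' OR 1=1 --'
DECLARE @payload NVARCHAR(100) = N''' OR 1=1 --';

EXEC dbo.FindCustomer_Vulnerable @Name = @payload;  -- returns every customer
EXEC dbo.FindCustomer_Safe       @Name = @payload;  -- returns no rows: nobody is literally named "' OR 1=1 --"

-- Because EXEC runs the whole string as a batch, a payload such as
-- N'''; DROP TABLE dbo.Customers; --' would drop the table through the
-- vulnerable procedure (not executed here).
```

The safe version still uses dynamic SQL only to keep the two procedures side by side; a plain `SELECT ... WHERE Name = @Name` inside the procedure is simpler and equally safe. sp_executesql matters in the cases where dynamic SQL is genuinely needed (table names or column lists chosen at runtime), because that is where string concatenation usually creeps back in.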

SQL Server on Amazon RDS and security best practices

Let's discuss running SQL Server on Amazon RDS and the security best practices that apply. We already reviewed some availability best practices and will now focus on security. We divide it into access restriction, audit, and data encryption. Access restriction (VPC, Security Groups, Subnets) We can restrict access at different levels. First, creating an individual […]

SQL Server Data Encryption and your options for encryption

6 ways to encrypt data inside SQL Server [in 2019] We recently got a question about how to encrypt a large SQL Server database for compliance reasons with minimal impact on software applications. There are a number of ways to approach SQL Server data encryption, whether for compliance or for any other purpose. Conclusion: using a combination of […]