Recover from a SQL Injection Attack on SQL Server

Lately it seems like SQL Injection attacks have been increasing. Recently our team has worked through resolving a few different SQL Injection attacks across a variety of web sites. Each of these attacks had a number of similarities which proved to point back to the same source. With this information in hand, the resolution should be much quicker. As such, if your web site is attacked with SQL Injection, how should you address it? How can the identification, analysis, recovery and resolution be streamlined? What are some lessons learned?

Hashing

Building a Security Philosophy

SQL Server trainer and expert DBA, Andy Warren, thinks that everyone should have a philosophy about security. He starts this installment in looking about how to assign administrative privileges.

Remove SQL Logins from All Databases and SQL Server

Locate and remove/delete user logins from all databases and even SQL server.

References Permission

To Check for Orphaned Users in a Database

This script is helpful to identify the orphaned users in a database, useful when we restore a database from a different location.

How insiders hack SQL databases with free tools

When you find out how easy it is for insiders to hack SQL Server databases with a few free security tools and a little luck, you'll re-examine your database security practices.

Impersonation in an Execute As statement

Encryption

Password Issues