Creating Azure SQL Databases

Advanced Incident Response

Having a known and documented incident response plan is important these days, as more and more companies are having security incidents.

Would You Want to be on the Red Team?

A red team might be a fun job for some, but not for Steve.

The Level of Security These Days

How comfortable are you with your password security? Today Steve asks given some data on the various times it takes to crack passwords.

Can We Please Stop Sending Passwords Over the Wire?

While analyzing SQL Server's network protocol, I came across a weird fact: when a database client logs in using SQL Server authentication (as opposed to Windows authentication), it has to send the user's password to the server, in blatant violation of common security guidelines. At first, I couldn't believe it; SQL Server generally does an […]

A Real World Security Reminder

A reminder today that security in the physical world can affect the digital world.

Teams Security Issues

There are a few security issues in the Teams application from Microsoft, and Steve notes that some of the push for new features can be a problem in this area.

Query control made easy

Overview As we all know, data security is a never-ending battle. Every day, we hear of new data breaches. It's a hard problem, and there is no single solution, other than a defense in depth. Let's look at one of those defenses for databases: query control. Query control is a simple idea: most applications access […]

How to (Somewhat) Increase SQL Server Security

Problem Some time ago Argenis Fernandez(@DBArgenis) found and described a vulnerability that allows you to get into SQL Server with 'sa' rights. This method does not require a restart of the SQL Server service or the whole machine, the condition is a local administrator account on the server. Reminder SQL Server until 2008R2: Until SQL 2008R2, […]

The Challenge of Edge Security

We will see databases deployed on the edge, and we will need strong security patches.