With the General Data Protection Regulation (GDPR), becoming effective in 2018, a company can become liable up to millions of euros in case of infringements.

To protect one’s data in the best possible way, a number of steps have to be taken after classification in order to achieve Compliance.

The first step is a standardized Security Check to obtain a first impression of the SQL Server environment in terms of “Security by Design.”

To imitate attacks from the outside and (probably even more important) from the inside, special SQL Server penetration tests can be carried out. Here, special tools such as the Metasploit Framework and the included sqlmap as well as manual methods will be implemented. Of course, it will be agreed beforehand whether it will be about mere reconnaissance and enumeration, or also, on a test basis, exploitation.

Moreover, qualified Code Checks can be carried out to examine its susceptibility to SQL injection.

All checks will be documented in a clear manner. Subsequently, I will be happy to help eliminate the vulnerabilities detected.

Further measures can be, among others, a complete Security Concept for SQL Server that will cover the entire development process up to the productive server. – Because most attacks and data leaks emerge from the inside.