Security Assessment Microsoft SQL Server
Data is one of the most valuable assets a company possesses. Whether it's sensitive customer information, strategic plans, patents, financial details, employee records, classified information or operational plans, you definitely don’t want any of this sensitive information to be exposed publicly or fall into the hands of competitors.
To effectively safeguard data and ensure compliance, several key steps must be taken.
The first step is a standardized Security Check to obtain a first impression of the SQL Server environment in terms of “Security by Design.”
To imitate attacks from the outside and (probably even more important) from the inside, special SQL Server penetration tests can be carried out. Here, special tools such as the Metasploit Framework and sqlmap as well as manual methods will be used. Of course, the scope will be agreed beforehand: mere reconnaissance and enumeration, or also exploitation on a test basis.
Moreover, qualified Code Checks can be carried out to examine the code's susceptibility to SQL injection.
All checks will be documented in a clear manner. Subsequently, I will be happy to help eliminate the vulnerabilities detected.
Further measures can include, among others, a complete Security Concept for SQL Server that covers the entire development process up to the production server, because most attacks and data leaks originate from the inside.
Learn more about the benefits and ask for your individual offer. Contact me here.
My background on security for SQL Server
With over 20 years of specialization in Microsoft SQL Server, I have trained DBAs and developers in security concepts and best practices, such as secure schema design, which I developed and have seen adopted globally. For 5 years I worked as program manager for the Azure data and SQL Server security team at Microsoft, where I initiated and spearheaded the overhaul of the permission system and designed the integration of Microsoft Purview with SQL Server as well as SQL database access control with Fabric. Additionally, I was part of the security review team, advised the team on Vulnerability Assessment and Threat Protection for SQL Server and managed the Log4j advisory for the SQL Server team.
