This site is dedicated to those who are serious about security - specifically, Microsoft SQL Server security. Whatever your feelings about Microsoft, the bottom line is that these servers are showing up everywhere and it's time we learned how to properly secure them. At this site we do just that. We find problems, post solutions, and get the word out. If anyone tells you that security ends with the OS, they are dead wrong. Many times excellent network and host-based security has been bypassed, exposing the very heart of the enterprise: all because of poor SQL Server configuration.

"There is no 'patch' for stupidity."

Recent Blog Entries

  • A Sleeper Awakens
    OK - I admit I've been neglecting posting for a little while but I'm back.  Of course - much of the focus of security these days is in the application space but SQL injection remains a large part of that.  My focus will shift more to this area going forward.
    Posted Mar 12, 2015, 9:05 AM by Chip Andrews
  • Version 1.3 of sqlver released
    Thanks to Frank Brown for releasing his additions to the sqlver tool.   Frank has added SQL 2012 detection as well as a new registry GetEdition()  lookup (single instances only for now).  Check it out in the Downloads area.
    Posted Oct 15, 2013, 5:48 AM by Chip Andrews
  • Mobile SQL Server Management
    I've been using the Solarwinds Mobile Admin Client (and server) now for several months and I have to say it is very powerful for managing SQL Server (among other things) while on the run.  It works by installing a server component on your network and then enabling SSL so you can connect from your mobile app.  While the connection to the Mobile Admin server can be encrypted - there is no requirement for doing so, so be sure to set your config properly.
    Posted Jul 20, 2013, 6:03 PM by Chip Andrews
  • Another patch tool
    While not open source, if you need a simple tool to patch third-party applications on a Windows machine you may want to check out  They've done a good job of automating a process that should have been automated a long time ago.  What is needed now is to have a similar application delivered as a system service that runs on all computers in a domain.  Microsoft System Center Configuration Manager is close but who has time to constantly create new deployment packages?  The folks at patchmypc have the right idea.  They maintain the package database - you just choose which applications you want to patch.
    Posted Mar 24, 2013, 8:06 AM by Chip Andrews

In The News