Saturday, December 30, 2017

Happy new year 2018 to all!

From SQL Guatemala, we wish you a happy new year 2018.

 We hope this new year brings you joy and zero: production outages, corrupted databases, corrupted backups, full disks, and failed nodes hehehehe!

Also we wish for you all your desired certifications, your new software licenses and tools you need, no dumb users with sa privileges, and of course... a salarial raise!

Best wishes for all...

Tuesday, December 12, 2017

SQL Vulnerability Assessment

A very interesting feature was recently added to SQL Server Management Studio 17.4 (SSMS): The new SQL Vulnerability Assessment.

What is it?

SQL Vulnerability Assessment or VA, is a lightweight, easy to use tool to identify and help to remediate potential security vulnerabilities, these rules are based on Microsoft's best practices.
This reports executes at database level.

VA is included on SSMS 17.4 and it works for SQL Server 2012 and later.


Using VA

  1. From the Management Studio,connect to the SQL Server database instance.

  2. Right click on the database to analyze and select Tasks > Vulnerability Assessment > Scan for vulnerabilities...

  3. Select the path to store the report and click OK.

  4. After a moment, the report is show.
    You can now see all the vulnerabilities encountered with a brief explanation and a suggested fix for each one:
    Failed rules

    Passed rules

 

Baseline

You can also approve results to be marked as passed using the approve as baseline option, so the next time you run a scan it now marked as pass:

Just select the rule to mark ass approved:

 A warning will now pop up:

 Next time you run a scan, the rule is marked as pass:





Source:

https://docs.microsoft.com/en-us/sql/relational-databases/security/sql-vulnerability-assessment