OWASP Backend Security Project SQLServer Hardening
From OWASP
Overview
Description
Installation of the Engine
* Service installed
* Authentication Mode
* Process
Configuration tools provided
* Surface Area Reduction (services and connection)
* Surface Area Reduction (functionality)
* SQL Server Configuration Manager (endpoints and protocols)
* SQL Server Administrators
* System Stored Procedure (xp_cmdshell…)
Database Administration
* Password Policies
* Authorization
* Roles and Schemas
* Metadata Views
* Linked Servers
* Execution Context
Encryption
* Symmetric
* Asymmetric
* Asymmetric with certificate