Security

Database security testing using SQL Server Vulnerability Assessments

January 28, 2022 by Manvendra Singh

In this article, I will explain how to perform security testing using SQL Server Vulnerability Assessment. In my last article, I explained the multiple layers of security that we configure to protect our SQL Server instances, and the security testing we should perform at each layer to understand how secure our systems are. I would request you to read that article, Understanding security testing for SQL Server environments, to learn more about them.

Implementing Security in Power BI Workspaces using User Roles

August 19, 2021 by Aveek Das

In this article, we are going to learn about implementing and managing security in Power BI Workspaces. Power BI is one of the leading data visualization tools and is used by a plethora of companies around the globe. It has risen to prominence in recent years because of its ease of use and its familiarity of concepts with Microsoft Excel, which has helped a lot of analysts teach themselves to work in Power BI. Power BI is available both on the desktop and in the cloud, and users can start with either. The desktop version, known as Power BI Desktop, is mainly used to create simple and complex data models, which are then published to the cloud offering, known as the Power BI Service.

An overview of the db_datareader role

October 12, 2020 by Nisarg Upadhyay

In this article, we are going to learn about the db_datareader role. It is a fixed, database-level role. Database-level roles are security principals that group permissions so that they can be managed more efficiently within a database. There are two types of database-level roles: the fixed (predefined) roles, of which db_datareader is one, and custom (user-defined) roles. Custom database-level roles can be created by the database administrator or by a member of the db_owner role.
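As an added example (it is not code from the article), the T-SQL below creates a login and user, adds the user to db_datareader, and then impersonates it to confirm what the fixed role actually permits. The database, login, user and table names are assumptions and the rows are constructed:

```sql
-- Added example, not code from the article: create a read-only user, add it to
-- db_datareader, and verify what the role does and does not allow.
-- Database, login, user and table names are assumptions.
CREATE DATABASE RoleDemo;
GO
USE RoleDemo;
GO
CREATE TABLE dbo.Customers (CustomerId int IDENTITY PRIMARY KEY, Name nvarchar(100) NOT NULL);
INSERT INTO dbo.Customers (Name) VALUES (N'Alice'), (N'Bob');   -- constructed sample rows
GO
CREATE LOGIN ReportReader WITH PASSWORD = N'Str0ng!Passw0rd#2024', CHECK_POLICY = ON;
CREATE USER ReportReader FOR LOGIN ReportReader;
ALTER ROLE db_datareader ADD MEMBER ReportReader;   -- fixed role: SELECT on every user table and view
GO
-- Who is in which database role (fixed roles carry is_fixed_role = 1)
SELECT r.name AS role_name, r.is_fixed_role, m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE m.name = N'ReportReader';
GO
-- Impersonate the user to confirm the effective permissions
EXECUTE AS USER = N'ReportReader';
SELECT CustomerId, Name FROM dbo.Customers;                 -- succeeds
BEGIN TRY
    INSERT INTO dbo.Customers (Name) VALUES (N'Mallory');   -- fails: db_datareader grants no INSERT
END TRY
BEGIN CATCH
    SELECT ERROR_NUMBER() AS error_number, ERROR_MESSAGE() AS error_message;  -- 229, permission denied
END CATCH;
REVERT;
GO
-- A custom database-level role for when "read everything" is broader than needed.
-- Only a db_owner member (or an administrator) can create it and grant to it.
CREATE ROLE SalesReaders;
GRANT SELECT ON dbo.Customers TO SalesReaders;
ALTER ROLE SalesReaders ADD MEMBER ReportReader;
ALTER ROLE db_datareader DROP MEMBER ReportReader;
```

db_datareader grants SELECT on every user table and view in the database, including ones created after the membership was granted, but no INSERT, UPDATE, DELETE or EXECUTE; an explicit DENY on an object still wins over the role. Where that is broader than a report user needs, the custom role at the end scopes the read permission to the objects it should cover.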

Data Masking or Altering Behavioral Information

June 26, 2020 by Timothy Smith

As tracking behavioral data becomes increasingly popular, firms may overlook areas where they can collect the same information while masking the details that could be used in a compromise. Behavioral data collection can be extremely dangerous, as it gives attackers a wide range of options, from spoofing targets to automating custom attacks against them. Since behavior can reveal key details about us, this information may be as costly as personally identifiable information. When tracking behavioral data, we want to weigh the risks, and in some cases we can accomplish the same result without the specific details. In other cases, we may want to mask specific behavioral information on the reports that are generated, even if we retain the specific time. We'll look at a method that accomplishes either: updating data to remove the time, or masking the specific time while still returning the information we want.
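The T-SQL below is an added example, not the article's own code. It shows three ways to keep a report from revealing exactly when a user acted while still answering "how often" and "roughly when": a view that exposes only a coarse bucket, Dynamic Data Masking on the column (an alternative the teaser does not mention), and coarsening the stored value in an extract. The table, column and role names are assumptions and the rows are constructed:

```sql
-- Added example, not the article's code: three ways to keep a report from revealing exactly
-- when a user acted while still answering "how often" and "roughly when". Table, column and
-- role names are assumptions; the rows are constructed.
CREATE TABLE dbo.UserActivity (
    ActivityId int IDENTITY PRIMARY KEY,
    UserName   sysname      NOT NULL,
    Action     varchar(32)  NOT NULL,
    ActionTime datetime2(0) NOT NULL
);
INSERT INTO dbo.UserActivity (UserName, Action, ActionTime) VALUES
    (N'alice', 'login',  '2020-06-01 07:58:12'),
    (N'alice', 'login',  '2020-06-02 08:02:41'),
    (N'alice', 'export', '2020-06-02 17:45:03'),
    (N'bob',   'login',  '2020-06-02 22:13:55');
GO
-- 1) Keep the exact time in the table, but expose only a coarse bucket through the reporting
--    object, and give report readers the view rather than the base table.
CREATE VIEW dbo.vActivityReport AS
SELECT UserName,
       Action,
       CAST(ActionTime AS date) AS ActionDate,
       CASE WHEN DATEPART(hour, ActionTime) < 12 THEN 'morning'
            WHEN DATEPART(hour, ActionTime) < 18 THEN 'afternoon'
            ELSE 'evening' END AS DayPart
FROM dbo.UserActivity;
GO
CREATE ROLE ReportReaders;
GRANT SELECT ON dbo.vActivityReport TO ReportReaders;   -- and nothing on dbo.UserActivity
GO
-- 2) Dynamic Data Masking on the column: principals without UNMASK see the default mask
--    (1900-01-01 00:00:00) instead of the real time. Not a security boundary on its own:
--    a reader with SELECT on the table can still filter on the real value in a WHERE clause.
ALTER TABLE dbo.UserActivity
    ALTER COLUMN ActionTime ADD MASKED WITH (FUNCTION = 'default()');
CREATE ROLE Analysts;
GRANT SELECT ON dbo.UserActivity TO Analysts;
GRANT UNMASK TO Analysts;    -- only for the few who genuinely need exact times
GO
-- 3) Do not retain the detail at all: coarsen the stored value (here to the hour) in the
--    copy that leaves the secured system, e.g. an extract handed to a third party.
SELECT UserName, Action, ActionTime
INTO dbo.UserActivity_Extract
FROM dbo.UserActivity;
UPDATE dbo.UserActivity_Extract
SET ActionTime = DATEADD(hour, DATEPART(hour, ActionTime),
                         CAST(CAST(ActionTime AS date) AS datetime2(0)));
GO
-- The question the report exists for, answered without a single exact timestamp
SELECT UserName, ActionDate, DayPart, COUNT(*) AS Actions
FROM dbo.vActivityReport
GROUP BY UserName, ActionDate, DayPart
ORDER BY UserName, ActionDate, DayPart;
```

Option 1 is the one to reach for first: it costs nothing in stored precision and the permission model (SELECT on the view, nothing on the table) is what actually keeps the exact time out of the report. Option 3 is the only one of the three that removes the detail from a copy an attacker might later obtain.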

Security Testing with extreme data volume ranges

June 19, 2020 by Timothy Smith

When we develop security testing for situations with inconsistent data volumes, we should consider our use of anti-malware applications that rely on behavioral analysis. Many of these applications are designed to catch and flag unusual behavior. This may help prevent attacks, but it may also disrupt ETL flows, potentially affecting our customers or clients. While we may have a consistent flow of data throughout a period, which allows a normal window of behavior to be established, we may also have an inconsistent data schedule or inconsistent amounts of data that cause these applications to flag files, directories, or the process itself.

Security Testing Around Our Business Model and Risks

June 9, 2020 by Timothy Smith

When we create an environment and consider security testing from development to production, and how changes are deployed through each environment, we want to consider what we're protecting and how many resources we'll devote to that protection. Every company has limited resources, so protecting against every possible threat is not something we can achieve.

Security Testing SQL Logins with the PWDCOMPARE function

June 3, 2020 by Timothy Smith

In this article, we'll look at using the built-in PWDCOMPARE function in SQL Server for security testing passwords. While this function may seem to expose a weakness in Microsoft SQL Server because we can test for passwords, it should be noted that an attacker could perform the same attack by attempting to log in to our database server, assuming the attacker was able to obtain a connection to it. Therefore, this function does not increase the risk of an attack on SQL Server, but it does help us identify possible weaknesses in our environment so that we can quickly mitigate them. In addition, we'll combine it with other related tools in SQL Server that help us with logins.
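As an added example (not the article's own script), the T-SQL below tests every SQL login against a short list of weak candidates and against its own name, lists the logins that were created without the policy check, and shows the remediation for a hit. The candidate list is constructed, and the login name in the final statement is an assumption:

```sql
-- Added example, not the article's code: test every SQL login against a short list of
-- constructed weak candidates and against its own name, then list logins that skipped
-- the policy check. Reading password_hash from sys.sql_logins needs CONTROL SERVER;
-- without it PWDCOMPARE sees NULL and nothing matches.
DECLARE @candidates TABLE (candidate nvarchar(128) NOT NULL);
INSERT INTO @candidates (candidate)
VALUES (N''), (N'password'), (N'Password1'), (N'Passw0rd'), (N'123456'), (N'sa'), (N'admin');

-- PWDCOMPARE returns 1 when the clear-text value hashes to the stored password_hash
SELECT l.name, c.matched_value, l.is_policy_checked, l.is_expiration_checked, l.is_disabled
FROM sys.sql_logins AS l
CROSS APPLY (
    SELECT candidate AS matched_value
    FROM @candidates
    WHERE PWDCOMPARE(candidate, l.password_hash) = 1
    UNION ALL
    SELECT N'<login name>'
    WHERE PWDCOMPARE(l.name, l.password_hash) = 1
) AS c
ORDER BY l.name;

-- Logins created or altered with CHECK_POLICY = OFF never went through the Windows
-- password policy, so they belong on the review list even if no candidate matched.
SELECT name, is_policy_checked, is_expiration_checked, is_disabled
FROM sys.sql_logins
WHERE is_policy_checked = 0 OR is_expiration_checked = 0;

-- Remediation for a hit (the login name is an assumption): set a new, policy-checked
-- password that must be changed on next connection. MUST_CHANGE requires both CHECK_* ON.
ALTER LOGIN WeakAppLogin WITH PASSWORD = N'N3w!Temp0rary#Pass' MUST_CHANGE,
    CHECK_EXPIRATION = ON, CHECK_POLICY = ON;
```

Unlike guessing through the login path, PWDCOMPARE runs entirely server-side and produces no failed-login events, so the check can be scheduled without polluting the error log or tripping lockout thresholds. Keep the candidate list short and relevant (defaults, the login name, the organization's known bad habits) rather than trying to turn this into a brute-force tool; its value is catching the handful of logins that should never have passed review.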

Introduction to Row-Level Security in Power BI

April 15, 2020 by Aveek Das

Analyzing data with Power BI has always been fascinating to me. With ever-growing data comes more risk, and hence more security is needed. In this article, I am going to introduce what row-level security in Power BI is and how it works. I'll also demonstrate in detail how to implement it in Power BI Desktop. Later, we will also discuss how to implement row-level security in the Power BI service. To learn about row-level security in SQL Server, please have a look at my previous article, where I explained how to implement it.

Introduction to Row-Level Security in SQL Server

March 31, 2020 by Aveek Das

In this article, I'm going to discuss Row-Level Security in SQL Server. RLS, or Row-Level Security, as the name suggests, is a security mechanism that restricts the rows returned from a SQL Server table based on the authorization context of the user who is currently logged in. This means that the rows from the tables are displayed based on who the user is and which rows that user has access to. This is usually done to allow specific users to access only their own data, without permission to view other users' data.
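The following T-SQL is an added example rather than the article's own walkthrough. It implements the mechanism described above with a predicate function and a security policy, so that each sales rep sees only their own rows while a manager role sees everything, and adds a block predicate so a rep cannot insert rows under someone else's name. The table, users, role and rows are constructed for the example:

```sql
-- Added example, not the article's code: row-level security that shows each sales rep
-- only their own rows, with a role that may see everything. All names are assumptions.
CREATE TABLE dbo.Orders (
    OrderId  int IDENTITY PRIMARY KEY,
    SalesRep sysname NOT NULL,
    Amount   money   NOT NULL
);
INSERT INTO dbo.Orders (SalesRep, Amount)
VALUES (N'alice', 100), (N'bob', 250), (N'alice', 75);   -- constructed rows
GO
CREATE USER alice WITHOUT LOGIN;
CREATE USER bob   WITHOUT LOGIN;
CREATE USER carol WITHOUT LOGIN;
CREATE ROLE SalesManagers;
ALTER ROLE SalesManagers ADD MEMBER carol;
GRANT SELECT, INSERT ON dbo.Orders TO alice, bob, SalesManagers;
GO
CREATE SCHEMA Security;
GO
-- Inline table-valued predicate: returning a row means "this row is visible to the caller"
CREATE FUNCTION Security.fn_OrdersPredicate (@SalesRep AS sysname)
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN SELECT 1 AS fn_result
       WHERE @SalesRep = USER_NAME()
          OR IS_MEMBER(N'SalesManagers') = 1;
GO
-- FILTER silently hides rows on SELECT/UPDATE/DELETE;
-- BLOCK ... AFTER INSERT refuses rows the caller would not be allowed to see afterwards
CREATE SECURITY POLICY Security.OrdersPolicy
    ADD FILTER PREDICATE Security.fn_OrdersPredicate(SalesRep) ON dbo.Orders,
    ADD BLOCK  PREDICATE Security.fn_OrdersPredicate(SalesRep) ON dbo.Orders AFTER INSERT
WITH (STATE = ON, SCHEMABINDING = ON);
GO
EXECUTE AS USER = N'alice';
SELECT OrderId, SalesRep, Amount FROM dbo.Orders;          -- 2 rows, both alice's
BEGIN TRY
    INSERT INTO dbo.Orders (SalesRep, Amount) VALUES (N'bob', 1);   -- rejected by the block predicate
END TRY
BEGIN CATCH
    SELECT ERROR_NUMBER() AS error_number, ERROR_MESSAGE() AS error_message;
END CATCH;
REVERT;
GO
EXECUTE AS USER = N'carol';
SELECT COUNT(*) AS visible_rows FROM dbo.Orders;           -- 3: SalesManagers sees everything
REVERT;
```

Two caveats a practitioner should keep in mind: the filter applies to dbo and db_owner members as well, so exempt them in the predicate (as the manager role is here) if that is the intent; and RLS only shapes which rows come back, so it complements object and column permissions rather than replacing them. A filter predicate without a matching block predicate lets a user write rows they can never read back, which is why both are declared above.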

Database Level DDL Triggers on Tables

September 23, 2019 by Jignesh Raiyani

This article shows different uses of database-level DDL (Data Definition Language) triggers on tables, including sending a mail alert when a table's schema changes. With this method we can keep a close eye on schema changes in any SQL Server database. We'll also see how to monitor these changes and send an alert email to the people responsible, informing them of the change.
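As an added example (not the article's own trigger), the T-SQL below defines a database-scoped DDL trigger that records every CREATE, ALTER and DROP TABLE in a log table and mails the DBA team through Database Mail. The log table, trigger name, the mail profile named DBA and the recipient address are assumptions, and Database Mail must already be configured on the instance:

```sql
-- Added example, not the article's code: a database-scoped DDL trigger that records every
-- CREATE/ALTER/DROP TABLE and mails the DBA team. The log table, trigger name, Database Mail
-- profile 'DBA' and recipient address are assumptions; Database Mail must already be configured.
CREATE TABLE dbo.SchemaChangeLog (
    LogId       int IDENTITY PRIMARY KEY,
    EventTime   datetime2(0)  NOT NULL,
    EventType   sysname       NOT NULL,
    LoginName   sysname       NOT NULL,
    HostName    sysname       NULL,
    SchemaName  sysname       NULL,
    ObjectName  sysname       NULL,
    TSQLCommand nvarchar(max) NULL,
    MailStatus  nvarchar(400) NULL,
    EventXml    xml           NOT NULL
);
GO
CREATE TRIGGER trg_AuditTableDDL
ON DATABASE
FOR CREATE_TABLE, ALTER_TABLE, DROP_TABLE
AS
BEGIN
    SET NOCOUNT ON;
    -- EVENTDATA() is only populated inside the DDL trigger that fired for the event
    DECLARE @e xml = EVENTDATA();
    DECLARE @eventType  sysname       = @e.value('(/EVENT_INSTANCE/EventType)[1]', 'sysname'),
            @loginName  sysname       = @e.value('(/EVENT_INSTANCE/LoginName)[1]', 'sysname'),
            @schema     sysname       = @e.value('(/EVENT_INSTANCE/SchemaName)[1]', 'sysname'),
            @object     sysname       = @e.value('(/EVENT_INSTANCE/ObjectName)[1]', 'sysname'),
            @tsql       nvarchar(max) = @e.value('(/EVENT_INSTANCE/TSQLCommand/CommandText)[1]', 'nvarchar(max)'),
            @mailStatus nvarchar(400) = N'queued';

    -- The mail is queued in msdb inside the DDL statement's own transaction, so a change
    -- that rolls back sends nothing. A mail failure must not block the schema change.
    BEGIN TRY
        DECLARE @subject nvarchar(255) =
            CONCAT(N'[', DB_NAME(), N'] ', @eventType, N' ', @schema, N'.', @object, N' by ', @loginName);
        EXEC msdb.dbo.sp_send_dbmail
             @profile_name = N'DBA',
             @recipients   = N'dba-team@example.com',
             @subject      = @subject,
             @body         = @tsql;
    END TRY
    BEGIN CATCH
        SET @mailStatus = LEFT(CONCAT(N'mail failed: ', ERROR_MESSAGE()), 400);
    END CATCH;

    IF XACT_STATE() <> -1   -- transaction still committable: write the audit row
        INSERT INTO dbo.SchemaChangeLog
            (EventTime, EventType, LoginName, HostName, SchemaName, ObjectName, TSQLCommand, MailStatus, EventXml)
        VALUES
            (SYSDATETIME(), @eventType, @loginName, HOST_NAME(), @schema, @object, @tsql, @mailStatus, @e);
END;
GO
-- Exercise it: each statement below produces one row in the log
CREATE TABLE dbo.Scratch (Id int NOT NULL);
ALTER TABLE dbo.Scratch ADD Note nvarchar(50) NULL;
DROP TABLE dbo.Scratch;
SELECT EventType, LoginName, SchemaName, ObjectName, MailStatus, TSQLCommand
FROM dbo.SchemaChangeLog
ORDER BY LogId;
```

The trigger runs inside the DDL statement's transaction, so a ROLLBACK in its body would refuse the change outright; that is the right tool for a hard rule (no drops outside a change window), whereas the version above only records and alerts. Note that anyone with ALTER ANY DATABASE DDL TRIGGER, and every sysadmin, can disable or drop the trigger, so for a tamper-evident record forward the log off the instance or pair it with SQL Server Audit.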

SQL Injection: Detection and prevention

August 30, 2019 by Ed Pollack

With an understanding of what SQL injection is and why it is important to an organization, we can shift into a discussion of how to prevent it. We ultimately want systems where SQL injection is impossible or very difficult to pull off. We then want systems where exploiting bugs is slow, laborious, and likely to raise monitoring alarms within an organization when attempted. The trio of layered security, prevention, and alerting can provide an immense advantage against not only SQL injection, but other data security threats.

SQL Injection: What is it? Causes and exploits

August 30, 2019 by Ed Pollack

Many security vulnerabilities are discovered, patched, and go away forever. Some linger and continue to plague software development and will continue to do so for years to come. Setting aside social engineering and non-technical attacks, SQL injection remains one of the top security threats to our data, as well as one of the most misunderstood.
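As an added example covering both of Ed Pollack's SQL injection articles above (it is not code from either), the lookup below is written first with string concatenation and then with parameters and a metadata-validated identifier, followed by a heuristic query that searches existing modules for the concatenated form. The table, procedures, rows and the payload are constructed for the example:

```sql
-- Added example, not the articles' code: the same lookup written with string concatenation
-- and with parameters, plus a heuristic query to find concatenated dynamic SQL in existing
-- modules. Table, procedures, rows and payload are constructed.
CREATE TABLE dbo.Customers (
    CustomerId int IDENTITY PRIMARY KEY,
    Name       nvarchar(100) NOT NULL,
    Email      nvarchar(200) NOT NULL,
    IsInternal bit           NOT NULL DEFAULT 0
);
INSERT INTO dbo.Customers (Name, Email, IsInternal)
VALUES (N'Alice', N'alice@example.com', 0),
       (N'Bob', N'bob@example.com', 0),
       (N'svc_admin', N'svc_admin@corp.example', 1);   -- the row the filter is meant to hide
GO
-- Vulnerable: the caller's text becomes part of the statement
CREATE PROCEDURE dbo.FindCustomer_Vulnerable @Name nvarchar(100)
AS
BEGIN
    DECLARE @sql nvarchar(max) =
        N'SELECT CustomerId, Name, Email FROM dbo.Customers WHERE IsInternal = 0 AND Name = ''' + @Name + N'''';
    EXEC (@sql);
END;
GO
-- Hardened: the value travels as a parameter; an identifier that must be dynamic is
-- checked against sys.columns and wrapped in QUOTENAME before it touches the statement
CREATE PROCEDURE dbo.FindCustomer_Safe @Name nvarchar(100), @OrderBy sysname = N'Name'
AS
BEGIN
    IF NOT EXISTS (SELECT 1 FROM sys.columns
                   WHERE object_id = OBJECT_ID(N'dbo.Customers') AND name = @OrderBy)
        THROW 50001, N'Invalid sort column.', 1;
    DECLARE @sql nvarchar(max) =
        N'SELECT CustomerId, Name, Email FROM dbo.Customers WHERE IsInternal = 0 AND Name = @p ORDER BY '
        + QUOTENAME(@OrderBy) + N';';
    EXEC sys.sp_executesql @sql, N'@p nvarchar(100)', @p = @Name;
END;
GO
EXEC dbo.FindCustomer_Vulnerable @Name = N'Alice';          -- 1 row
EXEC dbo.FindCustomer_Vulnerable @Name = N'x'' OR 1=1 --';  -- 3 rows: the IsInternal filter is gone
EXEC dbo.FindCustomer_Safe       @Name = N'x'' OR 1=1 --';  -- 0 rows: the text is only ever compared as a value
EXEC dbo.FindCustomer_Safe       @Name = N'Alice', @OrderBy = N'Email; DROP TABLE dbo.Customers';  -- error 50001
GO
-- Detection heuristic for code review: modules that EXEC a variable directly, or that
-- concatenate a quote literal with a variable. Expect false positives; it finds
-- dbo.FindCustomer_Vulnerable above and not dbo.FindCustomer_Safe.
SELECT OBJECT_SCHEMA_NAME(object_id) + N'.' + OBJECT_NAME(object_id) AS module_name
FROM sys.sql_modules
WHERE definition LIKE N'%EXEC%(%@%)%'
   OR definition LIKE N'%'''' + @%';
```

The concatenated statement the vulnerable procedure builds for the payload is `... WHERE IsInternal = 0 AND Name = 'x' OR 1=1 --'`, which is why the internal account appears. In the hardened version the same text is bound to @p and can only ever be a value, and the one piece that genuinely has to be dynamic (the sort column) is allowed only if it exists in the table's metadata. The heuristic at the end is a starting point for a review, not a scanner: it keys on two textual patterns and will miss dynamic SQL assembled in other ways.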

Vulnerability Assessment and Advanced Threat Protection in Azure SQL Database

June 17, 2019 by Gauri Mahajan

At a time when data breaches are increasingly likely, there is a pressing need to ensure that sensitive data in Azure SQL databases is secured, which is why data security implementation is gaining momentum across every community. We covered one of the features of Advanced Data Security in Advanced Data Security in Azure SQL Database – Data Discovery & Classification. In this article, let's dive further into the other two features that Azure SQL offers with this capability.
