Evading Data Access Auditing in Microsoft SQL Server – special commands – and how to close the gaps - Andreas Wolter
Published the final article in my 3-part series about the challenges of auditing access to data in Microsoft #SQLServer, #AzureSQL, and SQL #database in #Fabric: andreas-wolter.com/en/202510_da...
Shedding light on several tricky ways to evade auditing – were you aware of all of them?
07.10.2025 22:16
Bug in Auditing allows for undetected Data Exfiltration by low privileged user - Andreas Wolter
I was asked to review a vulnerability discovered in Auditing Classified Data in #SQLServer. It is a valid security risk, since it enables undetected data exfiltration by a low-privileged user.
For details and guidance, check out my post here: andreas-wolter.com/en/2509-sql-...
09.09.2025 19:01
Yea. This was only introduced with SQL Server 2022. Before that DC did not enforce anything
09.09.2025 19:01
How to Use Data Classification to Audit specific Data Access in SQL Server - Andreas Wolter
Published a more elegant and straightforward solution for auditing access to specific data in Microsoft #SQLServer and #AzureSQL, using Data Classification: andreas-wolter.com/en/202508_da...
19.08.2025 19:19
Important Security fixes for #SQLServer 2016–2022: 5 CVEs of type Elevation of Privilege Vulnerability. Ranging from #SQLInjection via system procedures to permission adjustments and easy to implement. Secure your systems: msrc.microsoft.com/update-guide...
13.08.2025 22:24
Evading Data Access Auditing in Microsoft SQL Server – and how to close the gaps - Andreas Wolter
Evading Data Access Auditing in Microsoft #SQLServer 🕵️
this article demonstrates data access that is not captured by common Audit definitions and how to ensure also indirect access to data is audited andreas-wolter.com/en/202508_ev...
07.08.2025 18:32
Nice technical insights. - Happy to see my old article being of some use still :) - Thanks for mentioning.
29.07.2025 19:12
Recommendation for Security Auditing for databases - with example for Microsoft SQL Server - Andreas Wolter
Article: recommended minimum security audit definition for database systems, using Microsoft #SQLServer as example:
Audit every change to the system's security configuration. andreas-wolter.com/en/202507_re...
29.07.2025 15:28
Managing Database Sprawl: Finding Control in a Growing Environment | LinkedIn
As database environments scale, so do complexity and cost. From forgotten dev instances to sprawling clusters of mission-critical workloads, database sprawl creates risks that are easy to ignore–and t...
Tomorrow: live Roundtable on a growing issue: database sprawl. It wreaks havoc on performance, security, and cost. We'll talk openly about how to assess what's running and take back control. If this has become a challenge in your organization, I hope you'll join us. www.linkedin.com/events/manag...
17.06.2025 21:11
10 hours of SQL Server under attack – takeaways - Andreas Wolter
What happens if you leave #SQLServer exposed to the internet? As you may have seen, that is exactly what I did for my PreCon at the #SQLSaturday New York City conference. Here I am sharing what happened:
10 hours of SQL Server under attack – takeaways
andreas-wolter.com/en/2505_sqls...
13.05.2025 21:47
Hacking attempts on SQL Server from Iran
And the winner of the first hacking attempt on the #SQLSaturday NYC Performance Monitoring lab environment is: #Iran applause applause..
I am taking bets for the main event Friday!
07.05.2025 21:30
Next Thursday, 4/17, at the NTSSUG user group meeting: how to approach #DataSecurity for #SQLServer and #AzureSQL from a strategic perspective, live at the Microsoft office in Irving, TX. Sign up for the free event here: www.meetup.com/north-texas-...
10.04.2025 16:40
31 days left: #SQLServer Performance Monitoring at #SQLSaturday in New York City on May 9th!
Your chance to test your knowledge and analyze my server's workload live during the session! - using Extended Events or DMV queries from your own machine: www.eventbrite.com/e/practical-...
08.04.2025 19:43
Performance Monitor
Are you interested in learning how to troubleshoot performance issues on your own, rather than relying on costly consultants like me?
Join me and others for my PreCon on #SQLServer Performance Monitoring at #SQLSaturday in New York City on May 9th!
Sign-up here: www.eventbrite.com/e/practical-...
03.04.2025 18:15
SQL Audit bug
#SQLServer #security admins, attention: #Auditing is missing attempts to change permissions, leading to #repudiation and miss elevation attempts
Please upvote for bug-fix
andreas-wolter.com/en/2502-sql-...
10.02.2025 19:57
The challenges for least privilege: When sysadmin is still required in Microsoft SQL Server - Andreas Wolter
The challenges for least privilege: When sysadmin is still required in Microsoft #SQLServer
a fresh update on the sysadmin requirements for SQL Server 2022 - and why CONTROL SERVER can be dangerously misleading. andreas-wolter.com/en/least-pri... #DataSecurity
06.02.2025 18:25
Protecting database data at rest: Transparent Data Encryption, Backup Encryption or Always Encrypted - Andreas Wolter
New article out> Protecting database data at rest:
Comparing the different encryption methods SQL Server offers, regarding how well they protect data at rest, and why I don't push for #TDE everywhere.
andreas-wolter.com/en/protectin... #DataEncryption #DataSecurity
16.01.2025 17:11
Use TLS 1.2 and trusted certificates to encrypt data in transit for all SQL Servers, including development environments - Andreas Wolter
New article: #TLS 1.2 and trusted certificates to encrypt data in transit for all SQL Servers, including development environments andreas-wolter.com/en/tls-trust... #SQLServer #Encryption
26.11.2024 02:28