How to Protect SQL Server from Hackers and Penetration Tests

On June 3rd, the InfosecMatter blog published a post titled “Top #10 Vulnerabilities: Internal Infrastructure Pentest“. This blog post detailed the top most common vulnerabilities in Windows servers and networks found during more than 60 internal infrastructure penetration tests around the world. After reading this article, I was prompted to actively look for similar resources on SQL Server penetration testing, and I got some interesting findings. Check out my blog post at the Madeira Data Solutions website for the details.


After reading up on a bunch of SQL Server penetration testing articles, I found that the steps of a common penetration test are as follows:

  1. Discovery
  2. Gaining Access
  3. Elevating Permissions
  4. Attacking (Loot / Destruction)

Logically, these steps mimic the steps taken by a common would-be hacker (except, of course, they try not to actually damage anything).

I’ll briefly describe each step from the point of view of a hacker or penetration tester, the common methodologies of each step, and offer recommendations that we can follow to protect our database systems at every level.


Check out the full post by clicking here.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.