Eitan Blumin's blog

SQL Vulnerability Assessment Tool Reference List – Updated!

Way back on January 16, 2020, I published a blog post containing a reference list for the many rules checked by the SQL Vulnerability Assessment Tool. The next month, I created a separate, dedicated page for the reference list so that it’d be easier to find and maintain. Today I learned that a few months later, around the beginning of May, Microsoft themselves also published such a reference list on the Microsoft Docs page.

Microsoft’s version appears to be specifically under the Azure SQL Database section of the documentation. And while it’s more up-to-date compared to the reference list that I published in January and February, it contains fewer details than what I provide in my version.

Specifically, Microsoft’s version does not contain the “Rationale”, the “Query”, and the “Remediation” sections of the assessment rules, which may provide additional insightful information.

I have also noticed that different sets of rules are evaluated, depending on whether your assessment target is a SQL Server instance (IaaS, on-prem or VM), Azure SQL DB, a SQL Managed Instance, or an Azure Synapse Analytics server (a.k.a. Azure SQL DW). Microsoft’s reference list has a “Platform” column, specifying for each rule the platform types where it can be evaluated.

So, I’ve set out to update my own rules reference list with the missing information:

I have updated the SQL Vulnerability Assessment Tool Rules Reference List and it now contains all rules, and all platforms, in a (hopefully) easily digestible format that can be easily referenced from wherever.

Click here to view the updated Rules Reference List

Ideally, I would’ve preferred to implement this reference page using a “data table” control, which would be a better user experience, allowing for dynamic filtering and sorting based on user input… But apparently it requires a WordPress plugin, which in turn requires premium membership.

That’s a bit of an overkill in my opinion, having to pay for premium membership just because of one plugin which, let’s be honest, isn’t really a must here.

So, we’ll make do with what we got. I believe it’s more than good enough at this point.
