SQL Server: Security for Developers

Learn how to protect databases and preserve the integrity of an organization's data by configuring security settings in SQL Server.

Introduction

• Build secure applications in SQL Server
• Course software

1. Roles and Privileges in SQL Server

• Logins and users
• Azure AD and SQL authentication
• Demo: Create a user in SQL Server
• Roles and privileges overview
• Least privileges principal
• Building custom roles in SQL Server
• Demo: Building custom roles
• Predefined roles in SQL Server
• Roles in Azure SQL Database
• Contained users and their benefits
• Demo: Contained users

2. SQL Injection

• Overview of SQL injection
• SQL injection vulnerabilities
• Writing proper SQL procedures
• Demo: Stored procedures vs. dynamic SQL
• Dynamic SQL and input checking
• Demo: Dynamic SQL parameterization
• External protection around SQL injection

3. Securing Your Network

• Network security
• Encrypting connections to SQL Server
• TLS 1.0 vs. TLS 1.2
• Upgrading TLS with SQL Server
• Linked server security
• Demo: Linked servers
• Azure SQL Database firewalls
• Demo: Azure SQL Database firewalls

Conclusion

• Next steps