Comments on: SQL Vulnerability Assessment

By: Using sqlmap to Test For SQL Injection Vulnerabilities - Thomas LaRock

Using sqlmap to Test For SQL Injection Vulnerabilities - Thomas LaRock — Thu, 11 Jan 2018 19:16:00 +0000

[…] Server Audit to track changes made to jobs inside of SQL Agent. And another on the SQL Vulnerability Assessment feature in Azure. Today I’m going to write a bit about a third tool, sqlmap, an open-source […]

By: SQL Vulnerability Assessment Available in SSMS - Thomas LaRock

SQL Vulnerability Assessment Available in SSMS - Thomas LaRock — Thu, 07 Dec 2017 21:27:49 +0000

[…] Vulnerability Assessment (VA) feature in now available in SSMS (SQL Server Management Studio)! I blogged about this feature in Azure recently, and hinted that SQL Vulnerability Assessment Available in SSMS would be coming soon. Well, today […]

By: ThomasLaRock

ThomasLaRock — Tue, 17 Oct 2017 15:29:00 +0000

In reply to Hugo Shebbeare. Yes! I am hopeful that we will see continued improvements with this feature, and soon!

By: Hugo Shebbeare

Hugo Shebbeare — Mon, 16 Oct 2017 01:27:00 +0000

Nice post Thomas! Glad they finally released a product to rival IBM Security’s VA tool – hope that in the next versions they continue to not only build a great security tool for within the MSFT feature space, but also incorporate NIST/STIG, CIS, standards (known well in the CISSP space) that are matched for the passes settings, as well as include what CVEs are satisfied, correlated to the patching level.