OWASP Backend Security Project SQLServer Hardening

= Overview =

= Description =

Installation of the Engine
* Service installed
* Authentication Mode
* Process

Configuration tools provided
* Surface Area Reduction (services and connection)
* Surface Area Reduction (functionality)
* SQL Server Configuration Manager (endpoints and protocols)
* SQL Server Administrators
* System Stored Procedure (xp_cmdshell…)

Database Administration
* Password Policies
* Authorization
* Roles and Schemas
* Metadata Views
* Linked Servers
* Execution Context

Encryption
* Symmetric
* Asymmetric
* Asymmetric with certificate

= References =