SQL Server Database Vulnerability Assessment
With all the security breaches in the news these days it’s important to run a vulnerability assessment on your SQL Server database. SQL Server Management Studio makes doing so simple and straight forward. Starting with SSMS 17.4 you can run an automated scan directly from the database menu.
Vulnerability Assessment Limitations
While the automated scan will run through nearly sixty different tests, you are unable to add in your own rules at this time. Like all automated tests, passing is not a guarantee that your database is fully secure. You should look at the assessment as a set of guidelines to use in addition to your own approach to securing your database. It is possible that future releases will allow developers to add their own additional custom rules.
How to Run A SQL Server Vulnerability Scan
Running a vulnerability scan in SQL Server is straight forward. First, you’re going to need at least SQL Server 2012 or later and SSMS v17.4 or later. Next, right click your database and look for the Tasks menu, then go to Vulnerability Assessment followed by Scan For Vulnerabilities.
The scan can take several minutes. When it’s done you are going to see a screen like the one below:
SQL Server Vulnerability Assessment Results
When the assessment is done it will display a summary of the results. You’ll see on some rules a value “No baseline set” in the Additional Information column. The baseline is a way to set a passable current state for the database. If you set for example the above as a baseline, then the columns found in VA1287 would not be considered as a violation of the test and future tests would pass for this rule.
The vulnerability assessment can also be run in azure. Go to Advanced Data Security under the Security menu and then click it to enable it. From there click on Vulnerability Assessment. You’ll need to configure a storage account to store the scan results. For more information in running it in Azure see the Microsoft documentation.