In cast you didn't see it, the Microsoft Security Response Center (MSRC) team just announced the release of three tools to help customers fend off SQL injection attacks: UrlScan 3.0 Beta ( see Wade Hilmo's blog for more ), a security tool that restricts the types of HTTP requests that Internet Information...

UPDATE: The story that originally got my attention has been updated in all of the places I could still find it yesterday, so I'm pulling my references to the story and just focusing on the positive story of SQL Security improvement. Jeff Last week a web-based news story comes to my attention which asserted...

Today is Launch Day for 3 big products from Microsoft - Windows Server 2008, Visual Studio 2008 and SQL Server 2008. Click on the image to learn more general information and participate in the virtual launch. I want to briefly salute some of the security improvement represented by these products. This...

UPDATE: Download the full report PDF With a year's track-record, SQL Server 2005's positive security performance is being noticed beyond just my own observations ( SQL Server 2005 - 1 Year And Not Yet Counting... ). Enterprise Strategy Group (ESG), a technology industry analyst group released a study...

Vulnerabilities, that is. It has been about a year now since SQL Server 2005, so I thought this would be a good time to review how it has done security-wise. The latest SQL Server product from Microsoft has had zero vulnerabilities disclosed or fixed in its first year of availability. First, I want...