SQL Server Security Audit Report
The purpose of sql server security audit report is to identify the potential vulnerabilities in the database system. This is a security audit assessment for Microsoft SQL Server and this report represents how much the database server is at risk to an attack. The vulnerabilities tested in sql server security audit report included:
- Access control
- Privilege Control
- SQL injection
- Configuration Management
Parameters have been classified into 5 categories based on the security impact. These are
- Critical: Very critical vulnerability and it has to be fixed right away
- High: High impact on security need to check based on your business requirement and environment.
- Medium: Medium level of impact
- Low: Impact is very low but still needs to be considered as a security issue.
- Info: Just an information and no impact from security prospective
The target of this sql server security audit report is to identify as much as security vulnerabilities and report it in an organized manner. This is not an evolution of how “good” or “bad” databases are constructed as we are considering only the security prospect.
This report showcases the current security status by severity, vulnerability, compliance based on the given input rules. Any final decisions on how to handle these security issues should be verified and approved by the security leader or application owner. We strongly recommend fixing the Critical Vulnerabilities as a priority.
Passed: The security parameter is passed as the configured value is safe
Exception: The parameter is vulnerable but this has to be an exception as per your business policy.
Failed: Parameter is failed in audit and focus required on this. Critical failures has to be fixed on priority
SQL Server Security Audit Report: