SQL Server source code analysis and management adds database security

You may or may not be a developer, but what you do as a DBA has a direct tie-in with source code analysis – and security. If you're hands-on with development, like I know many MCDBAs and others responsible for SQL Server are, you can do source code analysis on your own. Or, if you just handle the database side of things, you can work with your developers to make sure security is an integral part of the software quality lifecycle. After all, it's most often the front-end components of Web and other applications that create the risks associated with your backend database systems.

SQL Server application security is not a very hard sell these days. It's becoming common knowledge that performing both vulnerability/penetration testing and source code analysis are required to ensure overall application security. However, if you're going to get the right people on your side – either management

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT SQL Server Security The keys to database backup protection for SQL Server Understanding transparent data encryption in SQL Server 2008 The fine line between not encrypting your databases and breach notification Securing SQL Server with access control, login monitoring and DDL triggers SQL Server security: Controlling access via database roles Implementing security audit in SQL Server 2008 New security features in SQL Server 2008 leave some work for you Can I encrypt and restore a database backup in SQL Server 2005? FAQ: How to troubleshoot and grant SQL Server permissions Secure SQL Server from SQL injection attacks SQL/Transact SQL (T-SQL) Working with sparse columns in SQL Server 2008 Determining the source of full transaction logs in SQL Server New GROUP BY option provides better data control in SQL Server 2008 Using the OPENROWSET function in SQL Server Loading data files with SQL Server's BULK INSERT statement Importing and exporting bulk data with SQL Server's bcp utility Testing transaction log autogrowth behavior in SQL Server Securing SQL Server with access control, login monitoring and DDL triggers Top 10 SQL Server development tips of 2008 The sqlcmd utility in SQL Server SQL/Transact SQL (T-SQL) Research SQL Server Stored Procedures Top 10 SQL Server development tips of 2008 SQL Server trigger vs. stored procedure to receive data notification SQL Server errors, failures and other problems fixed from the trenches SQL Server and data manipulation in T-SQL How to use SQL Server 2008 hierarchyid data type SQL Server stored procedures tutorial: Write, tune and get examples Check SQL Server database and log file size with this stored procedure Configure SQL Server Service Broker for sending stored procedure data Find size of SQL Server tables and other objects with stored procedure Troubleshoot SQL Server 2005 temporary table performance problems

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary data corruption  (SearchSQLServer.com) data hiding  (SearchSQLServer.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

who approves your budget or developers who'll be doing the work – you'll need to present the business value of source code analysis.

Here are three common-sense reasons for performing source code analysis as part of your database security measures:

I can't think of a rationale for not performing source code analysis on a periodic and consistent basis. At least do it once per year or after any major releases. Whether you outsource it or do it in house, SQL source code analysis adds database security and shows that you take your work as a DBA seriously and are concerned about the image of your organization's long-term gains. It also creates a checks-and-balances system that bolsters accountability inside your department. Plus, you'll benefit from learning a new skill or at least enhancing communication and relationships with your developers.

Innovation is a key part of our job responsibilities in IT. Stepping up to the plate and integrating SQL Server source code analysis and management into your database security measures is an excellent way to manage your applications and stay ahead of the curve. It will most certainly be something that's expected in every project in the near future as simply another component of software quality. I can't think of a better time to start than now.

[TABLE]

Rate this Tip To rate tips, you must be a member of SearchSQLServer.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.