Using the C# SqlParameter Object for Writing More Secure Code

C# SqlParameter is a handy feature that allows you to safely pass a parameter to a SqlCommand object in .NET. A security best practice when writing .NET data access code is to always use parameters in SqlCommand objects (whenever parameters are required, of course). The reason for this is that parameters help prevent SQL injection attacks. …

Quick Tip: SQL Server Support for TLS 1.2

This short post discusses SQL Server support for TLS 1.2. It is a recommended security best practice to upgrade to Transport Layer Security (TLS) protocol 1.2, as several known vulnerabilities have been reported against SSL and earlier versions of TLS. Many of us who work with SQL Server, we needed – or will need at a …