After reading up on a bunch of SQL Server penetration testing articles, I found that the steps of a common penetration test are as follows:
2. Gaining Access
3. Elevating Permissions
4. Attacking (Loot / Destruction)
Logically, these steps mimic the steps taken by a common would-be hacker (except, of course, they try not to actually damage anything).
I’ll briefly describe each step from the point of view of a hacker or penetration tester, the common methodologies of each step, and offer recommendations that we can follow to protect our database systems at every level.
Click through for information on each step.