Improving Web Application Security: Threats and Countermeasures

Sample databases (including Pubs and Northwind) are removed.

Stored procedures and extended stored procedures are secured.

Access to cmdExec is restricted to members of the sysadmin role.