SQL Server 2016 provides several new data security features like Dynamic Data Masking (DDM) and Row-Level Security (RLS). Implementing DDM and RLS internally in the SQL Server, aims to bring us better security.

DDM based on user level rules, is aims to prevent users without granted permission "UNMASK" to expose the original value of a column. RLS based on security policy which uses inline function in order to implement filter predicate on rows.

Are those features really keep your data secure as expected?

During this session we will discuss the limitations of those features, and we will show how simple it is to bypass(crack) the security features and expose the data, by any user that has simple select permission.

The ability to implement security features gives nothing without recognizing the limitations and its vulnerability. This is a must session for anyone who uses or intend to use the new security features!