In Chapter 2, we did a thorough look into SQL injection and the multitude of ways in which poorly written TSQL can become a target for malicious attacks. Now, we are going to step back and review best practices for SQL Server security, with a focus on dynamic SQL and its typical use cases. Security is an immense topic; one that could easily consume thousands of pages given the opportunity. It also evolves with each day that passes, as new products are released and vulnerabilities are found in older ones. Our goal is to cover the most important and common places where we need to take care while developing database solutions using dynamic SQL, without veering too far into one-offs or edge cases.