Database Security

Article (29)

Essential database security checklist
Learn how to secure your database with this extensive list of best practices.
How network administrators can help to prevent SQL injection
If you can get your network administrators working alongside database administrators and application developers, stopping SQL injection attacks can get a whole bunch easier.
Critical steps for your database patch management process
Learn the essential steps that simply must be a part of your database patch process.
WTF? Some programmers are using SQL injection as a *feature*!
Some online ad campaigns use SQL injection as a feature. That's right - a feature! Security experts are aghast and want it to stop.
SQL injection still prominent, despite infamous attacks
US authorities have charged three men in connection with an SQL injection that netted 130 million credit card numbers. So why is this form of attack still so easy to pull off?
Forrester: Distributed data is all-but-impossible to secure
Security pros need to think about the risks associated with data stored in web services, instead of trying to figure out how to secure them all.
Forrester: Database security a must
A new Forrester Research report says organisations should use data encryption whenever possible, as it is one of the most effective (and cheap!) security measures.
How to detect and stop SQL injection attacks
Learn how to stop automated SQL injection worms invading your web servers.
Oracle releases 43 patches
It's a busy week for patch management, as Oracle addds 43 patches to Microsoft's eight.
F-Secure latest victim of website hacking
Kaspersky is not the only security vendor with egg on its face this week: F-Secure's website has been hacked, too!
New open source tool boosts Oracle security
FuzzOR, a new open source fuzzing tool, can help Oracle users to detect and prevent SQL injection and other database security issues.
Bah Humbug - Zero-day hits SQL server on Christmas Eve
Organisations running SQL Server got the worst possible Christmas present: news of a Zero-day attack on the database. Will you be installing the workaround during your holiday?
Oracle's quarterly patch bundle lands
Oracle has made 36 fixes available in its latest Critical Patch Update pack.
Oracle user group 'fesses up: databases are too complex to secure
A survey conducted by an Oracle user group finds that database security is landing in the too-hard basket for many users.
45 new patches from Oracle
Running Oracle products? Then prepare for a patch-fest as the company releases 45 fixes!
Securing a services-oriented architecture
SOA's strength - presenting enterprise IT as a single entity - also means that you create a single target for digital malfeasants. Here's how to make sure your SOA stays secure.
Expect more SQL injection problems, despite Microsoft's help
Attackers will continue to find websites vulnerable to SQL injection vulnerabilities despite Microsoft's recent advisory identifying tools to help companies check if their websites are vulnerable and coding is secure.
More SQL injection attacks scare security researchers
One of the oldest security threats - SQL injection - is on the comeback trail.
REVIEW: Symantec Database Security 3.1
Symantec's database security appliance offers powerful security but less impressive reporting tools.
SQL injection attack infects hundreds of thousands of websites
Security experts are watching massive numbers of automated SQL injection attacks from Chinese domains. Attackers use simple search engine queries to build a list of targets.
New SQL injection technique threatens Oracle databases
A new method of exploiting various PL/SQL procedures makes it possible to hijack Oracle databases.
Survey finds thousands of database servers open to attack
Security expert David Litchfield found hundreds of thousands of unprotected Microsoft SQL Server and Oracle database servers available on the Internet.
Critical flaw discovered in IBM DB2
IBM's DB2 database management system contains a flaw that could be exploited remotely by an attacker to take control of a system.
Database security undermined by protocol loopholes, lax defenses
A security expert is warning database administrators about a continued loophole in database communication protocols that would allow an attacker to bypass access controls and gain access to critical files.
Keynoters speak volumes about security's changing face
Times have changed, and RSA Conference keynote speakers no longer need cryptography and security backgrounds. This year's headliners include several rock stars of the IT industry, along with some newcomers and several old veterans.
Discarded hard drives can be dangerous
A treasure trove of sensitive information can end up in the wrong hands if old hard drives aren't properly disposed of, one security expert warns.
Litchfield: Database security is IT's biggest problem
Black Hat: Database security guru David Litchfield unveils 20-plus IBM Informix flaws that attackers could exploit to create malicious files, gain DBA-level privileges and access sensitive data.
Oracle's summer update fixes 65 flaws
Updated: The database giant released 250 patches covering myriad platforms such as Application Server, PeopleSoft and JD Edwards. But roughly 10 patches are on hold while quality issues are addressed.
Novell patches eDirectory buffer overflow vulnerability
Novell has addressed a flaw in the iMonitor component of its eDirectory LDAP directory service that could be exploited to cause a denial of service.

News (14)

100,000+ sites hit by automated SQL injection attack
A new attack is injecting malicious scripts into myriad websites, with the Buzuz Trojan a favorite payload.
New SQL Server flaw emerges
A new, unpatched, flaw has been found in SQL server.
Oracle patches 41 bugs
Oracle's latest mega-patch tackles vulnerabilities in Oracle Secure Backup, Database and Application Server.
Neosploit toolkit targets MS Access vulnerability
The Neosploit exploit toolkit is now able to take advantage of a zero-day vulnerabilitiy in Access.
Oracle has 37 fixes on the way
Brace yourself for April 17th, when Oracle will release 37 patches!
Database security a dud?
Security researchers suggest database security is lax: industry responds with new tools.
Oracle patches serious holes with latest CPU
Vulnerabilities in Oracle Application Server can be exploited remotely to hijack a system, according to Oracle's latest Critical Patch Update.
Symantec adds intruder identification to database security software
Symantec entered the database security market last year and is now introducing intruder identification and tighter integration with its security suite.
Oracle plugs critical database, application flaws
Oracle fixed critical flaws in database 10g and 9i, Application Server 10g, and E-Business Suite 11i.
Oracle CPU to contain 51 flaw fixes
Oracle's Critical Update will address 51 fixes, addressing holes in Oracle database 10g, Application Server, E-Business Suite and PeopleSoft Enterprise.
Oracle's July 2007 CPU has 45 security fixes
Oracle stuffed 45 security updates into its July 2007 CPU, fixing flaws across its product line attackers could exploit remotely to compromise corporate databases.
Oracle releases 51 security fixes
The flaws are across Oracle''s product line and attackers could exploit them remotely to compromise vulnerable systems.
Oracle emulates Microsoft with advance patch notice
Oracle will patch 52 security flaws across its product line Tuesday, according to its inaugural CPU advance notification bulletin.
Symantec unveils Security 2.0 initiative
As part of Security 2.0, Symantec unveiled new products and partnerships with VeriSign and Accenture to help customers secure their databases, manage risk and fight ID theft.

Tips (6)

Does that database really need to live in a DMZ?
What is the best network location for an important database application? And who should be allowed to access the app?
Database patch denial: How 'critical' are Oracle's CPUs?
A recent survey found that a considerable number of users are outright rejecting Oracle's Critical Patch Updates, perhaps suggesting database administrators feel comfortable with their security defenses or find Oracle's patches to be more of a nuisance than a necessity.
Implementing Database Security and Auditing: Trojans
An excerpt from Chapter 9 of "Implementing Database Security and Auditing," by Ron Ben Natan.
Leveraging database security investments
Enterprises are now faced with the challenge of supporting multiple database versions on differing platforms, including SQL Server, Oracle Database, IBM DB2 and MySQL. While securing a diverse database architecture is crucial, the dollars needed to make changes may be hard to find. James C. Foster offers up a few hints for cutting costs while maintaining security on an enterprise's most critical systems.
How can I determine whether a database is hosted on a secure platform?
Learn what critical issues need to be addressed when determining if a database is hosted on a secure platform.
Secure data transmission methods
The main purpose of this tip is to explore secure data transmission options that are available to help meet regulatory and legal requirements.

General Content (2)

Attacks targeted to specific applications
This is the fourth tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book "The Shortcut Guide to Protecting Business Internet Usage," published by Realtimepublishers.
Information theft and cryptographic attacks
The third tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book The Shortcut Guide to Protecting Business Internet Usage published by Realtimepublishers.

© 2010 TechTarget ANZ. All Rights Reserved. Designated trademarks and brands are the property of their respective owners. Use of this website constitutes acceptance of the TechTarget ANZ Terms and Conditions and Privacy Policy.

TechTarget ANZ sites: SearchCIO.com.au | SearchNetworking.com.au | SearchSecurity.com.au | SearchStorage.com.au | SearchVoIP.com.au