Professor: Godson Chukwuma
Term Paper Assignment
Rafik Abdelhamid Osmane
Top ten threats in Database security:
1. Excessive Privilege Abuse
2. Legitimate Privilege Abuse
3. Privilege Elevation
4. Database Platform Vulnerabilities
5. SQL Injection
6. Weak Audit Trail
7. Denial of Service
8. Database Communication Protocol Vulnerabilities
9. Weak Authentication
10. Backup Data Exposure
The common mistakes that are made in database systems are:
1. Poor design/planning
2. Ignoring normalization
3. Poor naming standards
4. Lack of documentation
5. One table to hold all domain values
6. Trying to build generic objects
7. Lack of testing
Recommended solutions to protect the Database are:
-Audit the industry's widest range of databases for security, configuration and operational vulnerabilities, exploit root level access to collect evidence for reporting and ensure you secure you most valuable assets. -Provide detailed reporting and remediation guidelines to your security staff so they have the insight they need to resolve issues quickly and easily. -Ensure policy compliance with pre-defined policy report templates and a single-scan capability that check for both policy compliance and vulnerabilities in the same scan - streamlining security configuration assessment efforts for internal and external auditors. -Verify and validate vulnerabilities and risks: N-expose and M-etasploit can use the results from the database scan to penetrate the operating system to find additional vulnerabilities that would otherwise be left hidden.
Open source (or not) database platforms like MySQL, Microsoft SQL Server, and PostgreSQL that have achieved broad acceptance provide adept, malicious hackers an obvious path to attack websites en masse. With FireHost, we can trust that our database will be protected with the most advanced security available....
References: 1. Ten Common Database Design Mistakes by Louis Davidson.
2. Database design pitfalls by Victor Campos.
3. Database security solutions by Rapid 7 technologies.
Please join StudyMode to read the full document