Database security tools for preventing SQL injection attacks
This article is part of the April 2004 issue of Depth charge: Survey shows big spending on defense in depth
Database security has been neglected ever since monolithic mainframes gave way to client-server systems, exposing the SQL command line. Today's n-tier Web environment and tomorrow's n-peer Web services multiply the number of attack points and reinforce the need to separate data security from application security. Database activity can be monitored at three basic layers: attacks that target database components, such as buffer overflows in Oracle or SQL Server; SQL commands that manipulate the database format and/or data, as well as the stored procedures that automate these tasks; and attacks that target specific content within databases. A common attack against databases is SQL injection, through which an attacker manipulates an input form to pass unauthorized commands. Web-app firewalls, like those from Sanctum, KaVaDo, Teros and NetContinuum, identify abnormal behavior and block attacks. Web scanners by Sanctum, KaVaDo and SPI Dynamics also scan and test for SQL injection conditions. These tools watch HTTP traffic, but they don't address database ...
What's Inside
Features
-
IT security spending 2004: Firms diversify as security budgets tighten
by Andrew Briney
Fearing the worst on IT security spending, companies are diversifying their security spending.
-
Audit failure: How one lab raised IT security awareness and its audit grade
by Anne Saita
Learn how Argonne National Lab raised IT security awareness and its audit grade from 'F' to 'A'.
-
The future of software security vulnerabilities
by Gary McGraw & Greg Hoglund
The evolution of software security vulnerabilities opens new vistas for business... and the bad guys.
-
Ensure audit success with sound security audit procedures
by George Wrenn
A security review doesn't have to be a sink-or-swim proposition.
Columns
-
Using tax depreciation to increase security budgets
by Lawrence Walsh
The depreciation of capital assets, such as security hardware and software, is a tax benefit that every infosec manager should take into consideration.
-
Cyberwar myths: Are cyberwarfare and cyberterrorism overblown?
by Marcus Ranum
Marcus Ranum explains why the whole notion of cyberwarfare is a scam.
-
A little betrayal: Windows purists using Linux security features
by Jay Beale
Jay Beale explains how Windows purists can leverage Linux security features without compromising their allegiance to Redmond.
-
Database security tools for preventing SQL injection attacks
by Pete Lindstrom, Contributor
An emerging breed of database security tools is helping security teams spot attackers' favorite techniques, like SQL injection.
-
In enterprises, proactive information security finally taking hold
by Andrew Briney
Editorial director Andrew Briney says frustration with failure is driving proactive information security spending on new technologies.