Data Protection Security School

Database security issues

The start of many data security issues is, of course, the database. In this security school, we'll examine the predominant database security vulnerabilities and offer best practices on how to monitor database access to detect potential security incidents.

About the author: Michael Cobb, CISSP-ISSAP, is a renowned security author and the founder and managing director of Cobweb Applications Ltd., a consultancy that helps companies to secure their networks and websites, and also helps them achieve ISO 27001 certification.

In this part:

Webcast: Understanding database security issues

Security alerts about zero-day exploits in popular software such as Adobe Reader and Java dominate the headlines at present, as do stories of APT attacks against major enterprises. Security vendors are releasing new products to bolster network defenses and defend against these attacks, but oddly little new is being said about actual database security. Databases and the data within them are, after all, the primary target for most attacks. This webcast takes a look at vulnerabilities that directly affect database security and what enterprises should do to monitor database access to detect potential security incidents.

Feature: Basic database security, step by step

SQL injection and buffer overflows are database vulnerabilities that have been exploited for more than a decade, yet they remain common attack vectors for compromising database systems, even when patches and workarounds exist. This feature offers a checklist to ensure that you've got the basics covered. It provides security measures you must consider for database configuration, data safeguards, account provisioning and OS/database interaction, along with considerations for front-end applications that use your databases. Use this checklist to ensure you're following the basics for securing database systems.

Podcast: Essential database security questions

A database is at the backend of most Web applications, yet it’s usually the frontend application that receives the most detailed consideration during development. This podcast looks at some of the questions that need to be asked and answered during the development and deployment of a data-driven Web application to ensure that flaws in the design of the database don’t put data at risk.

Quiz: Database security issues

Are you sure you've got a grasp on the nagging database security issues and vulnerabilities, and on how best to monitor database access to protect your organization against security incidents? Take this 10-question quiz to see if you've mastered the important database security issues and the vulnerabilities associated with them.
