Database Security

MUST READ Preventing SQL Injections TIP - Learn what a SQL injection attack is, and how to defend yourself against it. Here are five methods to reduce the possibility of a future SQL injection attack on your database. Oracle patches 82 critical flaws ARTICLE - Attackers could exploit the latest Oracle vulnerabilities to access sensitive information, overwrite files or launch SQL injection attacks in numerous applications. Raising risk prospects with a new SQL injection threat ARTICLE - "Inference attacks" could deliver up your so-called secure database to an attacker.

NEWS: 1 - 3 of 83

	New SQL injection technique threatens Oracle databases SearchSecurity.com | 24 Apr 2008 ARTICLE - A technique called lateral SQL injection exploits PL/SQL procedures to compromise Oracle databases remotely.

	Oracle fixes 41 flaws in April CPU SearchSecurity.com | 16 Apr 2008 ARTICLE - Attackers could exploit several Oracle flaws to compromise the confidentiality and integrity of targeted systems, Symantec said hours after Oracle's April 2008 CPU was released.

	Oracle patches serious holes with latest CPU SearchSecurity.com | 16 Jan 2008 ARTICLE - Vulnerabilities in Oracle Application Server can be exploited remotely to hijack a system, according to Oracle's latest Critical Patch Update.

	VIEW ALL NEWS ON DATABASE SECURITY

EXPERT TECHNICAL ADVICE: 1 - 3 of 24

DATABASE SECURITY EXPERTS
			Michael Cobb Founder and Managing Director, Cobweb Applications Ltd. ASK A QUESTION

	The ins and outs of database encryption 15 Apr 2008 TIP - In this tip, database security expert Rich Mogull examines the two primary use cases for database encryption, and offers his recommendations for making sure the job is done right.

	Should confidential data be indexed or used as the index key? 26 Oct 2007 EXPERT ANSWER - A recent attack uses a series of insert operations to find weaknesses in the database's indexing algorithm. Michael Cobb explains the nature of the threat and what it means for customer data.

	Can database extrusion products effectively prevent data loss? 05 Jul 2007 EXPERT ANSWER - In this SearchSecurity.com Q&A, security expert Michael Cobb explains how well database extrusion products can protect an organization's stored confidential information.

	VIEW ALL EXPERT TECHNICAL ADVICE ON DATABASE SECURITY

REFERENCE & LEARNING: 1 - 3 of 8

	Information security book excerpts and reviews SearchSecurity.com | 20 Sep 2006 INFORMATION SECURITY BOOKSHELF - Visit the Information Security Bookshelf for book reviews and free chapter downloads.

	Attacks targeted to specific applications By Dan Sullivan, Realtimepublishers | 26 Jan 2007 BOOK CHAPTER - This is the fourth tip in our series, "How to assess and mitigate information security threats".

	Information theft and cryptographic attacks By Dan Sullivan, Realtimepublishers | 26 Jan 2007 BOOK CHAPTER - The third tip in our series, "How to assess and mitigate information security threats".

	VIEW ALL REFERENCE & LEARNING ON DATABASE SECURITY

MAGAZINE CONTENT (free subscription required): 1 - 3 of 6

	Database Security Information Security Magazine | 01 Apr 2007 FEATURES - 2007 Readers' Choice Awards Database security software and appliances

	That Sinking Feeling Information Security Magazine | 01 Oct 2006 FEATURES - DATA PROTECTION Before you lose something precious, govern your data.

	Secure Reads Information Security Magazine | 01 Apr 2006 HOT PICK & PRODUCT REVIEWS - The Database Hacker's Handbook

	VIEW ALL MAGAZINE CONTENT ON DATABASE SECURITY

WHITE PAPERS

	SANS: Database Activity Monitoring: Continuous, Real-Time Data Security Published by: Guardium | 01 May 2008 WHITE PAPER - This white paper describes how database activity monitoring (DAM) records activity from all types of database management systems while providing real-time security for preventing unauthorized access by attackers and insiders.

	PCI Compliance Cut Costs, Not Corners with Third Brigade® Published by: Third Brigade | 29 Apr 2008 WHITE PAPER - This white paper examines how your company can achieve PCI DSS compliance through deploying a host-based security solution directly to data servers instead of utilizing costly devices.

	Introduction to Database Activity Monitoring Published by: Imperva, Inc | 09 Apr 2008 WHITE PAPER - Database Activity Monitoring gives insight into sensitive systems in a non-intrusive way, and can evolve into a proactive security defense.

	VIEW ALL WHITE PAPERS IN THIS TOPIC

WEBCASTS: 1 - 1 of 1

	CISSP Essentials: Mastering the Common Body of Knowledge -- Class 6, Applications and System Development - Expert Webcast VIEW WEBCAST PREMIERED:   16 DEC 2004, 09:00 EST (14:00, GMT) SUMMARY:   Applications and computer systems are usually developed for functionality first, not security. Listen to this presentation and learn how to build security into every system from the outset.

	VIEW ALL WEBCASTS ON DATABASE SECURITY

DEFINITIONS: 1 - 3 of 6

	data encryption/decryption IC 14 Nov 2005 WORD - A data encryption/decryption IC is a specialized integrated circuit (IC) that can encrypt outgoing data and decrypt incoming data. Some such devices are intended for half-duplex operation (in which input and output do not ...

	MD4 01 Mar 2001 WORD - MD4 is an earlier version of MD5, an algorithm used to verify data integrity through the creation of a 128-bit message digest from data input (which may be a message of any length) that is claimed to be as unique to that ...

	MD2 01 Mar 2001 WORD - MD2 is an earlier, 8-bit version of MD5, an algorithm used to verify data integrity through the creation of a 128-bit message digest from data input (which may be a message of any length) that is claimed to be as unique to ...

	VIEW ALL DEFINITIONS ON DATABASE SECURITY

	SEE ALSO - Topics Related to Database Security:  Email Security, Secure IM, Secure Software Development, Web Security, Application Firewalls, Securing Productivity Applications