Database Security Issues
Authentication is the process of confirming a user or computer's identity. The process normally consists of four steps:
Testing For SQL Injection Vulnerabilities
SQL Injection attacks pose tremendous risks to web applications that depend upon a database backend to generate dynamic content. In this type of attack, hackers manipulate a web application in an attempt to inject their own SQL commands into those issued by the database. In this article, we take a look at several ways you can test your web applications to determine whether they're vulnerable to SQL Injection attacks.
PCI DSS for Database Professionals
The Payment Card Industry Data Security Standard (PCI DSS) sets forth the security requirements for organizations that store, process and/or transmit credit or debit card transactions. These requirements stem from a series of significant security incidents affecting databases of consumer credit information over the past decade.
What is inference in databases? Find out in the About Databases glossary.
What is a SQL injection attack? Find out more in the About Databases glossary.
Database Security: A Fine Balance Between Roles and Rights
Should businesses trust their employees with the critical role of protecting sensitive corporate information? Industry analysts would probably say “never” - and with good reason.
Database Security Issues: SQL Injections
One common type of database attack, the SQL Injection, allows a malicious individual to execute arbitrary SQL code on your server. Let's take a look at how it works by analyzing a very simple web application that processes customer orders.
Database Servers Take the Security Test!
Are you kept awake at night with fears about undiscovered security flaws in your database server? You're not alone! Many database professionals hesitate to blindly trust the assurances they receive from vendors that a product is secure.
Access Controls in SQL
SQL joins allow you to retrieve data from multiple database tables. Your About.com Guide to Databases provides a comprehensive introduction.
Database Insecurity: Is Your Credit Card Safe?
Recent attacks on e-commerce database servers highlight the threat posed by insecure databases. Read the details of one recent attack and learn how to avoid the same blunders.
Database Security Issues: Inference
Inference is a major security issue facing database designers and administrators. Learn all about it in this article.
Database Servers Take the Security Test
If you're like most database administrators, you have at least a rudimentary understanding of the security measures offered by your DBMS. How reliable are these measures? Read what the National Security Agency has to say.
HIPAA Compliance (Privacy and Security)
The Health Insurance Portability and Accountability Act of 1998 (HIPAA) places a large regulatory burden on organizations that deal with certain types of health-related information. We're now only a couple of weeks away from the compliance deadline for the Security Rule. Are you ready for April 21st?
Creating Virtual Private Databases in Oracle
Oracle contains several security features that allow database administrators to achieve greater control over their information. In this article you'll learn how to implement a Virtual Private Database.
Microsoft SQL Server Security White Papers
Microsoft's TechNet provides a collection of white papers detailing the security features of SQL Server with recommendations for database administrators.
Protecting the Warehouse
Security issues are often neglected in the implementation of data warehouses. This article from DM Direct outlines the basic principles of data warehouse security.
Getting Started with Oracle Security
This article provides a seven-step process for adding security to your Oracle database applications.
Microsoft Access Security 101
This online course from Microsoft provides an introduction to the fundamental concepts of Access security.
Data Classification: A Simple Approach
Many organizations avoid the challenge of data classification because they consider it a burdensome, difficult effort. In fact, it’s likely that organizations without actively used data classification policies have tried implementing such a policy in the past and failed, never to try again. In this article, I offer you some practical advice for getting a data classification effort off the ground and applying it to your sensitive information.