The 10 Most Common Database Vulnerabilities

The document discusses the top 10 database vulnerabilities. These include abuse of excessive privileges which can allow internal actors to cause security incidents. SQL injection has long been a common vulnerability that can be prevented by sanitizing input data. Unprotected network communications can expose passwords and sensitive data. Failure to apply software updates leaves known vulnerabilities unpatched. Backups can also introduce vulnerabilities if not properly protected. Lack of segregation between privileged roles increases the risk of fraud. Weak key management, such as writing passwords on sticky notes, increases the risk of encryption failures. Inadequate audit trails make it hard to monitor for malicious internal activity. Data inference techniques can be used to reveal sensitive insights from less protected data. Software defects can directly compromise

Uploaded by

Utsav Patel

Privilege Abuse

• Abuse of excessive privileges is a common problem across industries. 75% of all security incidents are of
internal origin. Keeping the number of granted permissions small for each account can significantly
reduce the risk. Read about the Least Privilege Principle and how it can be used to prevent this type of
malicious act at http://goo.gl/bJ7fgK.

SQL Injection

• SQL Injection has been the most common vulnerability for years. To protect yourself from SQL Injection
you have to follow one simple piece of advice: always sanitize your input data. However, the devil is in the
details. Read more at http://goo.gl/48f356.
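In practice the advice above comes down to never letting user input become query text. As an added example (not part of the infographic; table and procedure names are hypothetical), here is the same lookup written unsafely with string concatenation and safely with sp_executesql parameters in T-SQL:

```sql
-- Added example, not from the original page. Names are hypothetical.
CREATE TABLE dbo.Customers (
    CustomerId INT IDENTITY PRIMARY KEY,
    Email      NVARCHAR(256) NOT NULL,
    CardLast4  CHAR(4) NOT NULL
);
INSERT INTO dbo.Customers (Email, CardLast4) VALUES
    (N'alice@example.com', '1234'),
    (N'bob@example.com',   '9876');
GO

-- VULNERABLE: the caller's string is pasted straight into the query text,
-- so quote characters in @Email change the meaning of the WHERE clause.
CREATE PROCEDURE dbo.FindCustomer_Unsafe @Email NVARCHAR(256)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT CustomerId, Email, CardLast4 FROM dbo.Customers WHERE Email = '''
        + @Email + N'''';
    EXEC (@sql);
END;
GO

-- SAFE: the value travels as a typed parameter. sp_executesql never re-parses
-- it as SQL, so quotes and comment markers stay literal data.
CREATE PROCEDURE dbo.FindCustomer_Safe @Email NVARCHAR(256)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT CustomerId, Email, CardLast4 FROM dbo.Customers WHERE Email = @e';
    EXEC sys.sp_executesql @sql, N'@e NVARCHAR(256)', @e = @Email;
END;
GO

-- The classic textbook input against both procedures:
EXEC dbo.FindCustomer_Unsafe @Email = N''' OR 1=1 --';   -- returns every row
EXEC dbo.FindCustomer_Safe   @Email = N''' OR 1=1 --';   -- returns no rows
```

The unsafe procedure ends up executing WHERE Email = '' OR 1=1 --', which is why the whole table comes back; the safe one searches for an email address that literally contains the quote and finds nothing.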

Unprotected Network

• SQL Server by default communicates unencrypted with its clients. This includes SQL Login passwords that
are also sent unencrypted across the network. Know the risks and always enable TLS. Find out how at
http://goo.gl/bvsfLM.
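An added check (not from the original page) for the point above: this T-SQL lists the sessions that reached the instance over TCP without encryption, which is exactly where a SQL Login password would have travelled in the clear. It assumes the standard sys.dm_exec_connections and sys.dm_exec_sessions views; the connection string at the end is an illustration.

```sql
-- Added example: find live sessions whose traffic is not TLS-protected.
-- Local shared-memory connections never leave the host, so only TCP is checked.
SELECT s.session_id,
       s.login_name,
       s.host_name,
       s.program_name,
       c.client_net_address,
       c.auth_scheme,          -- 'SQL' means a SQL Login password was sent
       c.encrypt_option        -- 'FALSE' means cleartext on the wire
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s ON s.session_id = c.session_id
WHERE c.net_transport = 'TCP'
  AND c.encrypt_option = 'FALSE'
ORDER BY CASE WHEN c.auth_scheme = 'SQL' THEN 0 ELSE 1 END, s.login_name;

-- Client side: request encryption AND validate the server certificate,
-- otherwise a forged certificate is accepted silently.
-- (ADO.NET / ODBC style connection string, shown for illustration)
--   Server=db01;Database=Payments;Encrypt=True;TrustServerCertificate=False;
```

An empty result set is the goal; rows with auth_scheme = 'SQL' are the ones to fix first.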
Unpatched Platform

• Mistakes happen. Mistakes in software development are often the cause of vulnerabilities. Most
companies regularly update their software to close these unintended vulnerabilities. It is your
responsibility to apply these updates to stay protected. Find out more about this latent problem at
http://goo.gl/ushzHR.

Backup Exposure

• Backups are necessary to secure your access to your data. But backups can also present a vulnerability in
your security setup. Get the inside story on why protecting your backups from prying eyes needs to be
part of your recovery strategy at http://goo.gl/QMq6Gr.
Missing Segregation

• Power can be misused. Segregation has been used for centuries to control power and reduce the
probability of fraud. For example, a person with access to the encryption key for customer payment
information should not be able to disable auditing. Segregation is also a regulatory requirement in many
areas. Read more at http://goo.gl/sRKGZ5.
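A concrete form of the two ideas above, least privilege (Privilege Abuse) and segregation of duties, as an added T-SQL example that is not part of the infographic. Role, table, key and certificate names are hypothetical, and the login report_app is assumed to exist.

```sql
-- Added example: least privilege for an application account, then
-- segregation of duties between key access and audit control.
-- Names are hypothetical; login report_app is assumed to exist.
USE Payments;
GO

-- Least privilege: the reporting app can read two tables and nothing else.
CREATE ROLE report_reader;
GRANT SELECT ON OBJECT::dbo.Orders       TO report_reader;
GRANT SELECT ON OBJECT::dbo.Customers    TO report_reader;
DENY  SELECT ON OBJECT::dbo.PaymentCards TO report_reader; -- DENY wins over any inherited GRANT
CREATE USER report_app FOR LOGIN report_app;
ALTER ROLE report_reader ADD MEMBER report_app;

-- Segregation: whoever can open the card key cannot touch auditing, and vice versa.
CREATE ROLE key_custodian;
GRANT VIEW DEFINITION ON SYMMETRIC KEY::CardKey   TO key_custodian;
GRANT CONTROL         ON CERTIFICATE::CardKeyCert TO key_custodian;
DENY  ALTER ANY DATABASE AUDIT                    TO key_custodian;

CREATE ROLE audit_admin;
GRANT ALTER ANY DATABASE AUDIT                    TO audit_admin;
DENY  VIEW DEFINITION ON SYMMETRIC KEY::CardKey   TO audit_admin;
DENY  CONTROL         ON CERTIFICATE::CardKeyCert TO audit_admin;

-- Periodic review: any user who is a member of both roles is a finding.
SELECT u.name AS user_name
FROM sys.database_principals AS u
WHERE EXISTS (SELECT 1 FROM sys.database_role_members AS rm
              JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
              WHERE rm.member_principal_id = u.principal_id AND r.name = 'key_custodian')
  AND EXISTS (SELECT 1 FROM sys.database_role_members AS rm
              JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
              WHERE rm.member_principal_id = u.principal_id AND r.name = 'audit_admin');
```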

Flawed Key Management

• Do you think writing the number combination for your safe on a sticky note and sticking it to the safe’s
door is a good idea? Yet, many companies use key management techniques that are frighteningly similar.
Encrypting sensitive data is important. Correct encryption key management is even more important. Get
the scoop at http://goo.gl/XX6jV9.
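An added T-SQL example (not from the infographic) tying the Backup Exposure and Flawed Key Management points together: the backup is encrypted with a certificate, and the certificate is exported to a different location under a separate passphrase, so the backup file on its own is not the combination taped to the safe. Paths, passphrases, database and certificate names are placeholders.

```sql
-- Added example, not from the original page. All names and paths are placeholders.
USE master;
GO
-- The database master key protects the certificate's private key on this instance.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong passphrase held in the secrets vault>';
CREATE CERTIFICATE BackupCert WITH SUBJECT = 'Payments backup encryption';
GO

-- Without the certificate the .bak file is just ciphertext, so a copy lifted
-- from the backup share no longer yields customer data.
BACKUP DATABASE Payments
    TO DISK = 'D:\Backups\Payments.bak'
    WITH COMPRESSION,
         ENCRYPTION (ALGORITHM = AES_256, SERVER CERTIFICATE = BackupCert);

-- Key management: the certificate backup goes to a different location and a
-- different custodian. Storing it next to Payments.bak is the sticky note on the safe.
BACKUP CERTIFICATE BackupCert
    TO FILE = '\\keyvault-share\sql\BackupCert.cer'
    WITH PRIVATE KEY (
        FILE = '\\keyvault-share\sql\BackupCert.pvk',
        ENCRYPTION BY PASSWORD = '<second passphrase, held by a different custodian>');

-- Check: any backup of this database recorded without a key algorithm is a finding.
SELECT bs.database_name, bs.backup_finish_date, bs.key_algorithm,
       bs.encryptor_type, bs.encryptor_thumbprint
FROM msdb.dbo.backupset AS bs
WHERE bs.database_name = 'Payments'
  AND bs.key_algorithm IS NULL;
```

Test the restore on a second instance after importing the certificate; an encrypted backup whose certificate was never exported is a data-loss event waiting to happen.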

Weak Audit Trail

• 75% of security incidents are caused by internal personnel (e.g. employees). Not all events are executed
intentionally but a fair portion is. A good audit trail helps to keep these problems at bay by keeping the
honest - well - honest. Find out about this and many other advantages as well as a few regulatory
requirements around auditing at http://goo.gl/ZBWV9e.
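Added example, not from the page: a SQL Server Audit that records the events the bullet above cares about (failed logins, role and permission changes, anyone touching the audit itself, and reads or changes of the card table), followed by the query that reads the trail back. The file path, database and table names are hypothetical.

```sql
-- Added example, not from the original page. Path, database and table names are hypothetical.
USE master;
GO
CREATE SERVER AUDIT DbSecurityAudit
    TO FILE (FILEPATH = 'D:\SqlAudit\', MAXSIZE = 256 MB, MAX_ROLLOVER_FILES = 64)
    WITH (QUEUE_DELAY = 1000, ON_FAILURE = SHUTDOWN);   -- fail closed: no audit, no service
ALTER SERVER AUDIT DbSecurityAudit WITH (STATE = ON);

CREATE SERVER AUDIT SPECIFICATION DbSecurityAuditServerSpec
    FOR SERVER AUDIT DbSecurityAudit
    ADD (FAILED_LOGIN_GROUP),
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP),
    ADD (AUDIT_CHANGE_GROUP)        -- someone altering or disabling the audit
    WITH (STATE = ON);
GO

USE Payments;
GO
CREATE DATABASE AUDIT SPECIFICATION PaymentsAuditSpec
    FOR SERVER AUDIT DbSecurityAudit
    ADD (DATABASE_ROLE_MEMBER_CHANGE_GROUP),
    ADD (DATABASE_PERMISSION_CHANGE_GROUP),
    ADD (SELECT, UPDATE, DELETE ON OBJECT::dbo.PaymentCards BY public)
    WITH (STATE = ON);
GO

-- Reading the trail back: who did what to the card table or to permissions, and when.
SELECT f.event_time, a.name AS action_name, f.succeeded,
       f.server_principal_name, f.database_name, f.object_name, f.statement
FROM sys.fn_get_audit_file('D:\SqlAudit\*.sqlaudit', DEFAULT, DEFAULT) AS f
JOIN sys.dm_audit_actions AS a ON a.action_id = f.action_id
WHERE f.database_name = 'Payments'
ORDER BY f.event_time DESC;
```

Pair this with the segregation roles: the audit_admin role should be the only one holding ALTER ANY DATABASE AUDIT, and AUDIT_CHANGE_GROUP records any attempt to switch the trail off.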
Data Inference

• Data often contains hidden treasures and we use data mining to discover those. Sometimes similar
techniques can be used to infer sensitive information from less sensitive (and therefore less protected)
data. In this context that process is called data inference and it can be used for malicious intents. Find
out how to protect your data at http://goo.gl/o4F5YL.

Software Defects

• Software development mistakes can create vulnerabilities (see: Unpatched Platform) but they can also
directly wreak havoc on your data. While not a vulnerability in the common sense, you still need to
protect your data from these mishaps. Read about how Test Driven Design can help you keep your
code and your data clean at http://goo.gl/DNmqnQ.