Security Bytes

Jun 3 2010   1:53PM GMT

Database security: Top 10 database vulnerabilities list

Robert Westervelt

New vulnerabilities list outlines the most common database problems that could lead to a costly data breach.

Database administrators are all too familiar with the issues outlined in Application Security Inc.’s new Top 10 database vulnerabilities list. From the use of default passwords to patching issues, database management systems are known to be plagued by issues that make them vulnerable to attack.

When I reported on database management issues, DBAs told me they were well aware of the common security issues that can lead to a data breach. But, they often said the DBMSs containing sensitive data typically are surrounded by a number of different security systems, reducing the threat of an attack.

Top 10 Database Vulnerabilities

  1. Default, Blank & Weak Username/Password
  2. SQL Injections
  3. Extensive User & Group Privilege
  4. Unnecessary Enabled DB Feature
  5. Broken Configuration Management
  6. Buffer Overflows
  7. Privilege Escalation
  8. Denial of Service (DoS) Attack
  9. Unpatched Databases
  10. Unencrypted sensitive data – at rest and in motion

Common security practices
I’m reminded of an interview I conducted in 2003 with Oracle database expert and consultant Don Burleson. Much of Burleson’s advice can be applied to just about any database management system. The most common security mistakes are made because DBAs fail to read the installation instructions, he said, and default passwords and user IDs can easily be left in place. DBAs can also fail to limit access to the database, increasing the risk of intrusion.

The internal threat
One area that has come to light is database activity monitoring (DAM). Adrian Lane, chief technology officer of Securosis, recently outlined some of the problems enterprises can face when deploying DAM software. Security expert David Mortman of Echelon One wrote an expert tip outlining steps companies can take to mitigate the threat from insiders.

3  Comments on this Post

 
  • cloudbroker
    thanks for your great post about security system.
  • zahidchowdhury
    The above-mentioned top 10 Database vulnerabilities are significantly needed for all database programmers and computer users as well.
  • anpzone
    Thank you for sharing the top ideas.....
