Security Bytes

Jun 3 2010   1:53PM GMT

Database security: Top 10 database vulnerabilities list

Robert Westervelt


New vulnerabilities list outlines the most common database problems that could lead to a costly data breach.

Database administrators are all too familiar with the issues outlined in Application Security Inc.’s new Top 10 database vulnerabilities list. From the use of default passwords to patching issues, database management systems have long been plagued by problems that leave them vulnerable to attack.

When I reported on database management issues, DBAs told me they were well aware of the common security issues that can lead to a data breach. But, they often said the DBMSs containing sensitive data typically are surrounded by a number of different security systems, reducing the threat of an attack.

Top 10 Database Vulnerabilities

  1. Default, Blank & Weak Username/Password
  2. SQL Injections
  3. Extensive User & Group Privilege
  4. Unnecessary Enabled DB Feature
  5. Broken Configuration Management
  6. Buffer Overflows
  7. Privilege Escalation
  8. Denial of Service Attack (DoS)
  9. Unpatched Databases
  10. Unencrypted sensitive data – at rest and in motion

Common security practices
I’m reminded of an interview I conducted in 2003 with Oracle database expert and consultant Don Burleson. Burleson is a well-known Oracle database consultant, and much of his advice can be applied to just about any database management system. The most common security mistakes are made because DBAs fail to read the installation instructions, he said. Default passwords and user IDs can be easily left in place, he said. DBAs can also fail to limit access to the database, increasing the risk of intrusion.

The internal threat
One area that has come to light is database activity monitoring (DAM). Adrian Lane, chief technology officer of Securosis, recently outlined some of the problems enterprises can face when deploying DAM software. Security expert David Mortman of Echelon One wrote an expert tip outlining steps companies can take to mitigate the threat from insiders.

7 Comments on this Post

  • cloudbroker
    thanks for your great post about security system.
  • zahidchowdhury
    The above-mentioned top 10 Database vulnerabilities are significantly needed for all database programmers and computer users as well.
  • anpzone
    Thank you for sharing the top ideas.....
  • mdtarek
    Database security is really important!
  • WinnieNewell
    Your Top 10 vulnerabilities database, the database is for programmers and users. Your topic is very well liked. I hope front of write such requirements.
  • hellenjos
    Thank you for sharing the database vulnerabilities list. I searched this in many sites but didn't get any. In my work I have included these topics. But due to some skin problems it won't work and I take the appointment at emirates dermatology clinic. After my treatment I published my work.
  • nadcabmlmsoftware
    Top 10 vulnerabilities database, the database is for programmers and
    users. Your topic is very well liked. I hope front of write such
    requirements. We also care for security to our MLM Software client
