database sec dis7

What happens when we find vulnerable and unpatched databases, or discover databases that still
have default accounts and configuration parameters? Attackers know how to exploit these
vulnerabilities to launch attacks. We have looked at injection attacks, which involve the
applications related to the databases.

Key Concepts of a SQL Injection Attack

  • SQL injection is a software vulnerability that occurs when data entered by users is sent to the SQL interpreter as part of a SQL query.
  • Attackers provide input data to the SQL interpreter and trick the interpreter into executing unintended commands.
  • A SQL injection attack exploits security vulnerabilities at the database layer, which allows attackers to create, read, modify or delete sensitive data.
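
The concepts above, shown as an added example that is not part of the original discussion prompt: the same lookup written with string concatenation and with placeholders, plus a small check a tester can run against either. The table, sample rows and function names are constructed for illustration, and SQLite stands in for whatever database the application uses.

```python
import sqlite3

def make_db():
    """Constructed in-memory database with two sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, ssn TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "wonder", "111-11-1111"), ("bob", "builder", "222-22-2222")],
    )
    return conn

def lookup_vulnerable(conn, name, password):
    # Input is pasted into the query text, so the SQL interpreter
    # parses any quote characters in it as part of the command.
    sql = ("SELECT name, ssn FROM users WHERE name = '" + name +
           "' AND password = '" + password + "' ORDER BY name")
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, name, password):
    # Placeholders send the input separately from the command text,
    # so it is only ever compared as a value.
    sql = ("SELECT name, ssn FROM users WHERE name = ? AND password = ? "
           "ORDER BY name")
    return conn.execute(sql, (name, password)).fetchall()

def treats_input_as_data(lookup, conn):
    """Tester's check: quote-bearing input must match no row and
    must not surface a SQL error."""
    probes = ("'", "' OR '1'='1")
    try:
        return all(lookup(conn, "alice", p) == [] for p in probes)
    except sqlite3.Error:
        return False

if __name__ == "__main__":
    conn = make_db()
    for fn in (lookup_vulnerable, lookup_parameterized):
        print(fn.__name__)
        print("  correct password :", fn(conn, "alice", "wonder"))
        print("  input kept as data:", treats_input_as_data(fn, conn))
    print("vulnerable, crafted password:",
          lookup_vulnerable(conn, "alice", "' OR '1'='1"))
```

In the concatenated version the crafted password changes the WHERE clause so that every row matches, while the parameterized version returns nothing for the same input.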

For our discussion please consider and expand on the following questions:

1. What are some of the reasons why security patches might not be applied to databases?

2. What about the use of triggers and alters? How can monitoring all database access activity
and usage patterns in real time assist in detecting data leakage, unauthorized SQL and Big
Data transactions, and protocol and system attacks?

3. What type of testing can be done to detect these application vulnerabilities (such as
injection)? The Open Web Application Security Project (OWASP)
https://www.owasp.org/index.php/Testing_for_SQL_Injection_%28OTG-INPVAL-005%29
has some tools available for testing for injection vulnerabilities. What are some examples?