IT Solutions Architects and Cyber Security Engineering
Ethernautics, Inc. – Michael W. Meissner: Cyber Security Database Threats
Top Ten Database Security Threats of 2015
|1||Excessive and Unused Privileges||Database access privileges are granted that exceed the requirements of their job function or there need to know, resulting in privileges abused||1|
|2||Privilege Abuse||Abuse of legitimate privileges can be considered a database vulnerability, if the malicious user misuses their database access privileges.||2|
|3||Input Injection||A class of attacks that rely on injecting data or code into an application in order to facilitate the execution or interpretation of malicious data in an unexpected manner (See also SQL Injection and Code Injection)||3|
|4||Malware||Is malicious code to automate the exploitation of one or more known exploits; the principal purposes of those malicious agents are information stealing and sabotage.||4|
|5||Weak Audit Trail||Automated recording of database transactions involving sensitive data should be part of any database deployment. Failure to collect detailed audit records of database activity represents a serious organizational risk on many levels.||5|
|6||Storage Media Exposure||Backup storage media is often completely unprotected from attack. As a result, numerous security breaches have involved the theft of database backup disks and tapes||6|
|7||Exploitation of Vulnerabilities and Misconfigured Databases||Vulnerable and un-patched databases, or discover databases that still have default accounts and configuration parameters||7|
|8||Unmanaged Sensitive Data||Companies struggle to maintain an accurate inventory of their databases and the critical data objects contained within them. Forgotten databases may contain sensitive information, and new databases can emerge||8|
|9||Denial of Service (DoS)||Denial of Service (DoS) is a general attack category in which access to network applications or data is denied to intended users.||9|
|10||Limited Security Expertise and Education||Lack of expertise required to implement security controls, enforce policies, or conduct incident response processes.||10|
The list of top ten database threat as identified by Iperva Application Defense Center.
Imperva go hear.