IT Solutions Architects and Cyber Security Engineering

Ethernautics, Inc. – Michael W Meissner: Cyber Security Database Threats

Ethernautics, Inc.

Top Ten Database Security Threats of 2015

| Ranking | Threat | Brief Description | Example |
|---|---|---|---|
| 1 | Excessive and Unused Privileges | Database access privileges are granted that exceed the requirements of a user's job function or their need to know, resulting in privilege abuse. | 1 |
| 2 | Privilege Abuse | Abuse of legitimate privileges can be considered a database vulnerability if a malicious user misuses their database access privileges. | 2 |
| 3 | Input Injection | A class of attacks that rely on injecting data or code into an application in order to facilitate the execution or interpretation of malicious data in an unexpected manner (see also SQL Injection and Code Injection). | 3 |
| 4 | Malware | Malicious code that automates the exploitation of one or more known exploits; the principal purposes of these malicious agents are information stealing and sabotage. | 4 |
| 5 | Weak Audit Trail | Automated recording of database transactions involving sensitive data should be part of any database deployment. Failure to collect detailed audit records of database activity represents a serious organizational risk on many levels. | 5 |
| 6 | Storage Media Exposure | Backup storage media is often completely unprotected from attack. As a result, numerous security breaches have involved the theft of database backup disks and tapes. | 6 |
| 7 | Exploitation of Vulnerabilities and Misconfigured Databases | Vulnerable and unpatched databases, or databases that still have default accounts and configuration parameters. | 7 |
| 8 | Unmanaged Sensitive Data | Companies struggle to maintain an accurate inventory of their databases and the critical data objects contained within them. Forgotten databases may contain sensitive information, and new databases can emerge. | 8 |
| 9 | Denial of Service (DoS) | A general attack category in which access to network applications or data is denied to intended users. | 9 |
| 10 | Limited Security Expertise and Education | Lack of the expertise required to implement security controls, enforce policies, or conduct incident response processes. | 10 |

The list of top ten database threats as identified by the Imperva Application Defense Center.

Imperva: go here.

