Understanding Database Vulnerabilities

March 11th, 2010 Leave a comment
Like the article?
Vulnerable Database

Database is one of the most integral components of any system, and keeping data both secure and accessible is a demanding task every business is facing today. One of the more recent trends in enterprise security has been the movement away from protecting the perimeter of the network to protecting data at its source. Today’s corporate environment must provide access to data not only to its employees, but also to partners and customers located on separate networks, potentially thousands of miles away. In order to protect the database system, one must first understand its vulnerabilities. In general, database vulnerabilities fall into the following groups:

Vendor Bugs

Vendor bugs are code exceptions and buffer overflows that allow executing malicious commands. These are usually fixed by patches and configuration updates. To remove this vulnerability, you must stay current on the program updates and patches and install them as soon as they are released.

Poor Architecture

Poor architecture is basically an application design in which security was not taken in consideration. This one is usually the hardest to address because it requires major redesign and rewriting of existing platform or application. An example of this is using a weak encryption algorithm.


Misconfigurations are caused choosing database settings that provide inadequate database security. Some of these can simply be the default settings that comes out-of-the-box. Others caused by lack of thought put into deciding what values should be chosen for a given environment variable. An example of this is REMOTE_OS_AUTHENT parameter in Oracle database. REMOTE_OS_AUTHENT = “true” allows non-authenticated users to gain access to your database.

Incorrect usage

Incorrect usage is using applications and tools for malicious purposes to gain unauthorized access to the system. The most common example of this is SQL Injection, one of the most prevalent forms of attack used by hackers.

Help us spread the word!
  • Twitter
  • Facebook
  • LinkedIn
  • Pinterest
  • Delicious
  • DZone
  • Reddit
  • Sphinn
  • StumbleUpon
  • Google Plus
  • RSS
  • Email
  • Print
Don't miss another post! Receive updates via email!