As we roll into 2013, here's our review of the top ways organizations need to be protecting their databases. While Microsoft's documentation does a great job covering best practices for database programmers, that is still not enough to protect against many of today's threats. In fact, as many as 65% of database breaches are inside jobs, that is, they are performed by someone who is authorized to access the database.
MySQL Database is a great product used by thousands of websites. Various web applications use MySQL as their default database. Some of these applications are written with security in mind, and some are not. In this article, I would like to show you how SQL injection can be exploited to gain almost full control over your web server.
In today’s world, it’s essential to implement secure programming practices for all apps, whether they are web-based or internal. Good programming practices can prevent SQL injection and other types of security breaches into your database.
Web Application Firewalls are essential security mechanisms used on almost all web sites today. Despite the excellent protection they offer against many types of attacks, WAFs are inadequate to protect against today’s SQL Injection (SQLi) attacks.
As most products do, MySQL comes "ready-to-work" out of the box. Usually, security is not a major consideration when installing this kind of product. Often, the most important issue is to get it up and running as quickly as possible so that the organization can benefit. This document is intended as a quick security manual to help you bring an installed MySQL database server into conformity with best security practices.
This paper contains administrative and operational tasks that should be taken into account from a security perspective when using Microsoft SQL Server. The article covers operational instructions and example code snippets needed by DBAs and server administrators.