Musings on Database Security

Slavik’s Blog

Sunday, June 22nd, 2008

SQL Injection and separation of duties

Adrian Lane writes in his blog entry about separation of duties on the application level. While I agree with his sentiments I also know how hard it is to do so from the application development side. In most applications , database connections are using connection pooling. Creating such a separation makes the development process a [...]

No Comments » - Posted in SQL injection, security by Slavik

---

Friday, June 20th, 2008

Mass SQL Injection attack is still out there

Well, it was an interesting day today for us in Sentrigo. One of our customers was being attacked by this mass SQL injection and since our software identified the attack he came to us to help him cope with the situation. As explained in other places, the attack takes advantage of vulnerable web sites and [...]

6 Comments » - Posted in MS SQL Server, SQL injection, security by Slavik

---

• Tags

  bind_variables breach breach-notification compliance conference database-monitoring database-security database_security DBA educational_institutions hedgehog hipaa insider threat insider_threat intrusion monitoring MS SQL Server off-topic Oracle oracle_database_security oracle_security patching PCI Personal personally_identifiable_information pii presentation privacy regulatory-compliance sarbanes-oxley sb1386 security segregation_of_duties social_security_numbers SQL injection sql_injection technical technical tips TJX ukoug universities user identity visa vulnerability webcast

• Categories

  • breach
  • compliance
  • credit cards
  • DBA
  • encryption
  • insider threat
  • Java
  • monitoring
  • MS SQL Server
  • Oracle
  • OUG
  • patching
  • PCI
  • Personal
  • privacy
  • sb1386
  • security
  • SQL injection
  • technical tips
  • TJX
  • Uncategorized
  • universities
  • user identity

• Blogroll

  • Educational Security Incidents (ESI)
  • Julian Dyke
  • Oracle Chemist
  • Pete Finnigan’s Oracle security weblog
  • Peter Swire
  • Phat4Oracle
  • Security Incite
  • Securosis
  • Sentrigo
  • Tanel Poder

• Meta

  • Register
  • Log in
  • Entries RSS
  • Comments RSS
  • WordPress.org

•  

  August 2008

  M	T	W	T	F	S	S
  « Jun
  				1	2	3
  4	5	6	7	8	9	10
  11	12	13	14	15	16	17
  18	19	20	21	22	23	24
  25	26	27	28	29	30	31

Musings on Database Security is powered by WordPress 2.5.1 and delivered to you in 0.787 seconds using 20 queries.
Theme: Connections Reloaded v1.5 by Ajay D'Souza. Derived from Connections.