Database Security

MUST READ Preventing SQL Injections TIP - Learn what a SQL injection attack is, and how to defend yourself against it. Here are five methods to reduce the possibility of a future SQL injection attack on your database. Oracle patches 82 critical flaws ARTICLE - Attackers could exploit the latest Oracle vulnerabilities to access sensitive information, overwrite files or launch SQL injection attacks in numerous applications. Raising risk prospects with a new SQL injection threat ARTICLE - "Inference attacks" could deliver up your so-called secure database to an attacker.

NEWS: 1 - 3 of 87

	NitroSecurity covers its bases with RippleTech deal SearchSecurity.com | 16 Jul 2008 ARTICLE - NitroSecurity Inc. will integrate log management and database activity monitoring with security incident and event management (SIEM).

	Oracle releases 45 database, application fixes SearchSecurity.com | 15 Jul 2008 ARTICLE - Oracle released updates to repair dozens of flaws across its product line as part of its quarterly Critical Patch Update.

	Microsoft to issue Windows, SQL Server updates SearchSecurity.com | 07 Jul 2008 ARTICLE - Microsoft said it would repair vulnerabilities in SQL Server and Windows that could allow an elevation of privilege, spoofing and remote code execution.

	VIEW ALL NEWS ON DATABASE SECURITY

EXPERT TECHNICAL ADVICE: 1 - 3 of 28

DATABASE SECURITY EXPERTS
			Michael Cobb Founder and Managing Director, Cobweb Applications Ltd. ASK A QUESTION

	The ins and outs of database encryption 15 Apr 2008 TIP - In this tip, database security expert Rich Mogull examines the two primary use cases for database encryption, and offers his recommendations for making sure the job is done right.

	Should confidential data be indexed or used as the index key? 26 Oct 2007 EXPERT ANSWER - A recent attack uses a series of insert operations to find weaknesses in the database's indexing algorithm. Michael Cobb explains the nature of the threat and what it means for customer data.

	Can database extrusion products effectively prevent data loss? 05 Jul 2007 EXPERT ANSWER - In this SearchSecurity.com Q&A, security expert Michael Cobb explains how well database extrusion products can protect an organization's stored confidential information.

	VIEW ALL EXPERT TECHNICAL ADVICE ON DATABASE SECURITY

REFERENCE & LEARNING: 1 - 3 of 9

	Information security book excerpts and reviews SearchSecurity.com | 22 May 2008 INFORMATION SECURITY BOOKSHELF - Visit the Information Security Bookshelf for book reviews and free chapter downloads.

	Attacks targeted to specific applications By Dan Sullivan, Realtimepublishers | 26 Jan 2007 BOOK CHAPTER - This is the fourth tip in our series, "How to assess and mitigate information security threats".

	Information theft and cryptographic attacks By Dan Sullivan, Realtimepublishers | 26 Jan 2007 BOOK CHAPTER - The third tip in our series, "How to assess and mitigate information security threats".

	VIEW ALL REFERENCE & LEARNING ON DATABASE SECURITY

MAGAZINE CONTENT (free subscription required): 1 - 3 of 9

	Product review: Symantec Database Security 3.1 Information Security Magazine | 01 May 2008 HOT PICK & PRODUCT REVIEWS - DATABASE SECURITY

	Product Review: Imperva's SecureSphere Database Gateway Information Security Magazine | 01 Mar 2008 HOT PICK & PRODUCT REVIEWS - DATABASE SECURITY

	Product review: Application Security Inc.'s DbProtect Information Security Magazine | 01 Feb 2008 HOT PICK & PRODUCT REVIEWS - DATABASE SECURITY & COMPLIANCE

	VIEW ALL MAGAZINE CONTENT ON DATABASE SECURITY

WHITE PAPERS

	Follow Best Practices for Internal Controls and Separation of Duties to Ensure Compliant Database Management. Published by: Oracle Corporation | 15 Jul 2008 WHITE PAPER - This paper examine several best practices around database access and privilege controls and discuss how Oracle products can assist enterprises in achieving full compliance with data regulations.

	Access Path Technical Resource Guide Published by: CA | 18 Jun 2008 WHITE PAPER - Download this easy-to-use animated tool that describes in steps the various ways to access paths for DB2 z/OS version 9.

	CA Mainframe Security Compliance Published by: CA | 17 Jun 2008 SOFTWARE DEMO - In this video, learn how to combat against regulatory, staffing and audit pressures that security management shortcomings bring to the table.

	VIEW ALL WHITE PAPERS IN THIS TOPIC

WEBCASTS: 1 - 3 of 3

	Making effective use of database monitoring/auditing tools for security and compliance - Expert Webcast VIEW WEBCAST PREMIERED:   12 OCT 2006, 12:00 EDT (16:00, GMT) SUMMARY:   This webcast will help you understand how monitoring/auditing tools map to data compliance/security requirements and what to look for to determine which tools will work best for your environment.

	Enterprise Data Protection & Privacy - Vendor Webcast VIEW WEBCAST PREMIERED:   21 SEP 2005, 14:00 EDT (18:00, GMT) SUMMARY:   Watch industry Analyst Jon Oltsik discuss how organizations must transition from a passive approach to data security to an active approach that addresses new threats to sensitive data and increasingly strict legislation.

	CISSP Essentials: Mastering the Common Body of Knowledge -- Class 6, Applications and System Development - Expert Webcast VIEW WEBCAST PREMIERED:   16 DEC 2004, 09:00 EST (14:00, GMT) SUMMARY:   Applications and computer systems are usually developed for functionality first, not security. Listen to this presentation and learn how to build security into every system from the outset.

	VIEW ALL WEBCASTS ON DATABASE SECURITY

DEFINITIONS: 1 - 3 of 6

	data encryption/decryption IC 14 Nov 2005 WORD - A data encryption/decryption IC is a specialized integrated circuit (IC) that can encrypt outgoing data and decrypt incoming data. Some such devices are intended for half-duplex operation (in which input and output do not ...

	MD4 01 Mar 2001 WORD - MD4 is an earlier version of MD5, an algorithm used to verify data integrity through the creation of a 128-bit message digest from data input (which may be a message of any length) that is claimed to be as unique to that ...

	MD2 01 Mar 2001 WORD - MD2 is an earlier, 8-bit version of MD5, an algorithm used to verify data integrity through the creation of a 128-bit message digest from data input (which may be a message of any length) that is claimed to be as unique to ...

	VIEW ALL DEFINITIONS ON DATABASE SECURITY

	SEE ALSO - Topics Related to Database Security:  Email Security, Secure IM, Secure Software Development, Web Security, Application Firewalls, Securing Productivity Applications