Planet MySQL Planet MySQL: Meta Deutsch Español Français Italiano 日本語 Русский Português 中文
Showing entries 1 to 10 of 21 10 Older Entries

Displaying posts with tag: database security (reset)

Database security: Why should you review yours?
+0 Vote Up -0Vote Down

Ah database security… the black sheep of topics and something you would really rather not have to deal with right?

I mean surely all the fanfare and paranoia is reserved for the neck beards with tinfoil hats whom live in their own D.I.Y Faraday cage … that must be it … it just has to be?

No, the hard reality is the world is not rose tinted and “they” are out to get you be it for fun or for profit; from defacements to theft compromising your applications, and more importantly your data is big business. For some these acts are nothing short of sheer entertainment for an otherwise boring evening. …

  [Read more...]
Join our live webinar and learn how to protect your most sensitive information – It’s time to take action!
+0 Vote Up -0Vote Down

In the past few years, hackers, hacktivists and criminals have targeted millions of databases. Any information you own is at risk.

Join GreenSQL’s live webinar and learn the actions required in order to protect your invaluable information and that of your customers.

Security expert David Maman, Founder and CTO of GreenSQL, the Unified Database Security Company, will cover the following topics:

…  [Read more...]
It’s Time to Take Action – GreenSQL 2.1.4 Is Now Available
+0 Vote Up -1Vote Down

The GreenSQL Unified Database Security solution is proceeding at a rapid pace. We are pleased to announce that our latest release, GreenSQL 2.1.4, is available for immediate download.

The GreenSQL Unified Solution features Security, Auditing, Masking and Performance for databases  in one suite, ensuring that databases are protected from internal and external threats in real-time, while improving performance and facilitating database security policy …

  [Read more...]
New Frontiers in Information Security – Insights from my lecture at WizeNight
+0 Vote Up -0Vote Down

Last Wednesday evening, I gave a talk at the WizeNight gathering in Tel Aviv, Israel. Wize is a new nonprofit organization that organizes WizeNights, free lectures for people who want to learn interesting and important things, over a beer. This time, the event took place at the Bialik Bar.

My talk covered topics such as the hype about recent computer security attacks, the lack of social networking security for our virtual presence, database information security, credit card readers and zero-day attacks.

Here are 5 facts I shared …

  [Read more...]
New exploit to Oracle CVE-2007-4517 vulnerability
+0 Vote Up -0Vote Down

Summary

As part of GreenSQL’s Database security research,  we’ve been validating and extending coverage of known and unknown vulnerabilities in order to increase GreenSQL product security, at this post we will reveal a full working Prove of Concept for the CVE-2007-4517 vulnerability which executes arbitrary code.

The Exploit: PL/SQL/2007-4517 exploit is a PL/SQL procedure that exploits the CVE-2007-4517 vulnerability, also known as Oracle Database XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA Procedure Multiple Argument Remote Overflow.

The vulnerability is caused due to a boundary error in the …

  [Read more...]
Lateral SQL Injection in Oracle Database
+0 Vote Up -0Vote Down

Lateral SQL Injection in Oracle Database

 

Overview
=======

In order to get the system date in Oracle, you able to query for sysdate field in table dual.
SQL> select sysdate from dual;
SYSDATE
————–
15-SEP-11

SYSDATE format is set in: nls_date_format.

Following the publication: Lateral SQL Injection: A New Class of Vulnerability in Oracle, (http://www.databasesecurity.com/dbsec/lateral-sql-injection.pdf) published by David Litchfield, FEB/2008.

This post provides an overview and a demonstration on how this issue is still easily exploitable …






  [Read more...]
Shortest SQL Injection Attack
+0 Vote Up -0Vote Down

 

Shortest SQL Injection Attack syntax

 

Overview
=======
In many cases, the user’s input is limited to a specific length.
Although the user’s input length is limited, many times the server is vulnerable to SQL Injection attack’s.
In this post, we’ll discuss two scenarios and how SQL injections attacks are being exploited using shortest SQL injection attack syntax.

Get Database Name through 2-fields attack
==============================
In this scenario, the attacker attacks a web application which receives First-Name and Last-Name, and outputs its matched e-mail …





  [Read more...]
Time-Based Blind SQL Injection
+0 Vote Up -0Vote Down

Time-Based Blind SQL Injection

 
Overview
=======
Blind SQL Injection is an attack which the attacker gets an indication for the query execution success. The attacker doesn’t get the query results.
Most of the time, the indication bases on server errors or customized application errors.

Time-Based Blind SQL Injection
======================
Sometimes the attacker might not be able to identify the query execution success, because the server/application doesn’t show any error.
One of the techniques to get an indication for the query execution success called Time-Based Blind SQL …






  [Read more...]
The Four Security Layers of a Web Environment
+0 Vote Up -0Vote Down

Is your web environment secure? All of it?

Many people believe that if they’ve installed a network firewall, they’ve done their duty. They think that a firewall is like a strong barrier or moat protecting their information assets and that no more is needed. Wrong! Just as in times of old, tunnels can be dug under the moat, ladders can be used to scale the wall, and secret passageways can be found into the castle.

A web environment has four layers that need protection: the Network level, the Application level, the Operating System level and the Database level. Most people think of these layers as being one within the other, …

  [Read more...]
GreenSQL May Webinars invitation
+0 Vote Up -0Vote Down

GreenSQL invites you to participate in our May Webinars
MAY 18- Securing Databases in Minutes with GreenSQL Express
MAY 24 – Unified Database Security, the Next Generation of Database Security
Press here to sign
http://hosted.verticalresponse.com/579426/4aa0167718/316941501/bdea25b57a/

Showing entries 1 to 10 of 21 10 Older Entries

Planet MySQL © 1995, 2014, Oracle Corporation and/or its affiliates   Legal Policies | Your Privacy Rights | Terms of Use

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.