Dynamic Data Masking is an emerging technology that provides real-time data masking in changing environments, typically in production databases.

GreenSQL Dynamic Data Masking enables you to mask or randomize any sensitive information stored on Microsoft SQL Server, MySQL and PostgreSQL databases.

Join our live webinar and demo where David Maman,  security industry guru and GreenSQL Co-Founder and  CTO, will explain:

• What is Real-Time Dynamic Data Masking?
• How to dramatically reduce the risk of a data breach?

New GreenSQL 2.3 Version Strengthens Underlying Database Security Technology While Further Simplifying User Experience

GreenSQL new version is easier to configure and manage locally and on the cloud

The newest version of GreenSQL, 2.3, makes it even simpler to secure databases with its streamlined configuration and Amazon cloud compatibility.

GreenSQL provides unified database security protection against SQL injection attacks and other internal and external threats via database activity monitoring, real-time dynamic data masking, and database security.

• Version 2.3’s database security policy automatically detects SQL injection attempts. To ease administration, it automatically detects both the operating environment and database session

Computing Security Magazine has nominated GreenSQL in the Computing Security Awards and we need your votes to win.

GreenSQL, the Database Security Company, delivers out-of-the-box database security solutions for small and mid-sized organizations. Started as an open source project back in 2006, GreenSQL became the no. 1 database security solution for MySQL with 100,000 users worldwide and launched a commercial version in 2009.

Please vote for GreenSQL in the “Content Security Solution of the Year” category on the voting page! 

Thank you for your help!

Dear friends,

SQL Server Magazine has nominated GreenSQL for a Community Choice Awards and we need your votes to win.  Vote for GreenSQL in the “Best Security/Auditing/Compliance Product” category on the voting page.

GreenSQL, the Database Security Company, delivers out-of-the-box database security solutions for small and mid-sized organizations. Started as an open source project back in 2006, GreenSQL became the no. 1 database security solution for MySQL with 100,000 users worldwide and launched a commercial version in 2009.

Vote GreenSQL in the Best Security/Auditing/Compliance Product Category (#6)! 

Thank you for your help!

GreenSQL

According to a recent survey conducted by The Hartford Financial Services Group Inc., 85 percent of small business owners believe a data breach is unlikely.

However, small business owners acknowledge the negative business impact of a possible data breach – nearly two-thirds of business owners (61 percent) believe a data breach violates trust and would jeopardize their relationships with customers, patients and employees. More than a third (38 percent) say they have a more negative opinion of companies that have recently experienced a breach, based on the companies’ handling of the breach.

The survey also indicated that about a third of business owners (34 percent) say they would have difficulty complying with

A Columbus, Ohio lawmaker wants to ensure that the public quickly becomes aware of online security breaches.

The legislation bill, soon to be introduced, will require state agencies, businesses, and institutions to report any database security breach to the Ohio attorney general’s office if any Ohio resident’s personal information was accessed.
The bill is jointly sponsored by a Dayton, Ohio, lawmaker.

The proposal also would require that the security breach report be filed no later than 40 days following its discovery. The attorney general’s office would compile the breaches into a public, searchable database.

However, many small

Dynamic Data Masking is an emerging technology that provides real-time data masking in changing environments, typically in production databases.

GreenSQL Dynamic Data Masking enables you to mask or randomize any sensitive information stored on MS SQL Server, MySQL and PostgreSQL databases.

Register Now!

When? Wednesday, May 23, 2012 (9:00 am PDT; 12:00 pm EST; 16:00 pm GMT; 19:00 pm GMT+3:00)

In this webinar, David Maman, GreenSQL Founder and CTO, will explain:

• What Real-Time Dynamic Data Masking is?
• How to

Join GreenSQL at Infosecurity Europe 2012. Visit the GreenSQL booth J83b at the New Exhibitor Zone for live product demos and your chance to win a very cool tech gadget.

Book an appointment: marketing@greensql.com

See live demos and hear from our expert, GreenSQL’s Founder and CTO, David Maman.

For more information please visit our website: http://www.greensql.com/

In the past few years, hackers, hacktivists and criminals have targeted millions of databases. Any information you own is at risk.

Join GreenSQL’s live webinar and learn the actions required in order to protect your invaluable information and that of your customers.

Security expert David Maman, Founder and CTO of GreenSQL, the Unified Database Security Company, will cover the following topics:

-         Advanced database hacking methods

-         Common database security threats

-         How to protect databases from SQL injection attacks

-         Separation of

The GreenSQL Unified Database Security solution is proceeding at a rapid pace. We are pleased to announce that our latest release, GreenSQL 2.1.4, is available for immediate download.

The GreenSQL Unified Solution features Security, Auditing, Masking and Performance for databases  in one suite, ensuring that databases are protected from internal and external threats in real-time, while improving performance and facilitating database security policy compliance.

Download any GreenSQL package and get GreenSQL’s Enterprise Edition functionality for an evaluation period of 14 days. 

Read more: 

Last Wednesday evening, I gave a talk at the WizeNight gathering in Tel Aviv, Israel. Wize is a new nonprofit organization that organizes WizeNights, free lectures for people who want to learn interesting and important things, over a beer. This time, the event took place at the Bialik Bar.

My talk covered topics such as the hype about recent computer security attacks, the lack of social networking security for our virtual presence, database information security, credit card readers and zero-day attacks.

Here are 5 facts I shared with the crowd that most didn’t know:

1. Identity theft is a bigger crime than drugs in the U.S.
2. Social networking is highly unsecured.
3. Many of the largest companies worldwide have been exposed to SQL injection attacks.

Summary

As part of GreenSQL’s Database security research,  we’ve been validating and extending coverage of known and unknown vulnerabilities in order to increase GreenSQL product security, at this post we will reveal a full working Prove of Concept for the CVE-2007-4517 vulnerability which executes arbitrary code.

The Exploit: PL/SQL/2007-4517 exploit is a PL/SQL procedure that exploits the CVE-2007-4517 vulnerability, also known as Oracle Database XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA Procedure Multiple Argument Remote Overflow.

The vulnerability is caused due to a boundary error in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure when processing the OWNER and NAME arguments to create an SQL query.

This can be exploited to cause a buffer overflow by passing overly long OWNER and NAME arguments to the affected

Overview
=======

In order to get the system date in Oracle, you able to query for sysdate field in table dual.
SQL> select sysdate from dual;
SYSDATE
————–
15-SEP-11

SYSDATE format is set in: nls_date_format.

Following the publication: Lateral SQL Injection: A New Class of Vulnerability in Oracle, (http://www.databasesecurity.com/dbsec/lateral-sql-injection.pdf) published by David Litchfield, FEB/2008.

This post provides an overview and a demonstration on how this issue is still easily exploitable in Oracle Database.

Vulnerability
=========

Nls_date_format allows input of any string without filtering.
Example:  alter session set nls_date_format = ‘”the time is:”…

Overview
=======
In many cases, the user’s input is limited to a specific length.
Although the user’s input length is limited, many times the server is vulnerable to SQL Injection attack’s.
In this post, we’ll discuss two scenarios and how SQL injections attacks are being exploited using shortest SQL injection attack syntax.

Get Database Name through 2-fields attack
==============================
In this scenario, the attacker attacks a web application which receives First-Name and Last-Name, and outputs its matched e-mail address. (see appendix A)

The original SQL query sent to the database is:

select EmailAddress from Person.Contact where FirstName = ‘@fn’ and LastName = ‘@ln’; –where @fn and @ln are the user’s

 
Overview
=======
Blind SQL Injection is an attack which the attacker gets an indication for the query execution success. The attacker doesn’t get the query results.
Most of the time, the indication bases on server errors or customized application errors.

Time-Based Blind SQL Injection
======================
Sometimes the attacker might not be able to identify the query execution success, because the server/application doesn’t show any error.
One of the techniques to get an indication for the query execution success called Time-Based Blind SQL Injection.
With this technique, the attacker executes functions that take some time to finish (for example: Benchmark, Delay, etc.). By measuring the time took the application to response, the attacker might be able to identify if the query

GreenSQL invites you to participate in our May Webinars
MAY 18- Securing Databases in Minutes with GreenSQL Express
MAY 24 – Unified Database Security, the Next Generation of Database Security
Press here to sign
http://hosted.verticalresponse.com/579426/4aa0167718/316941501/bdea25b57a/

Hi Everyone,

I would like to personally invite you to a GreenSQL Express Webinar,
I’ll be demonstrating GreenSQL Express, the free and simple way to keep your information private and safe.

On Wednesday, March 16th (just 2 weeks from now),
It’s called “How to Protect Sensitive Information in Minutes: Setting up GreenSQL Express with Basic Security Rules”

If you’re serious about protecting your data, you need to hear and see how it’s done. I’ll talk about:

1. Why you need a Database firewall / security solution
2. Where and How to install GreenSQL Express in your infrastructure
3. How to use GreenSQL Express to protect you database
4. How to create the security polices you need in minutes
5. How to protect your database from SQL injection attacks
6. How to

From the Security threat report 2011 by Sophos, Page 46:

“Cybercrime is encroaching more and more into the business space. Industrial espionage, spearphishing of important employees to breach network boundaries and mass theft of customer information are more diffcult to detect and have very serious consequences. At the same time, network boundaries are becoming ever more indistinct and porous as new technologies enable greater access from remote workers and mobile devices. In addition, legal requirements place greater emphasis on traceability and compliance with predefned standards of data hygiene.

Increasing amounts of sensitive data is stored, accessed and manipulated in databases connected to company websites as businesses increasingly interact with their customers

New Community version of GreenSQL Database Firewall, version 1.3 is now available.
GreenSQL 1.3 includes new features, many bug fixes and enhancements.

In this version, GreenSQL improvers the native support for PostgreSQL (http://www.postgresql.org) databases, improvers the native support for MySQL (http://www.mysql.com (http://www.mysql.com/)) databases and provides many Protocol and Network Optimizations. The Web Based GUI usability has been improved and many bugs been fixed.

GreenSQL community version 1.3.0 improvements and enhancements include:

1. Proxies dashboard: correctly displaying the proxy current status
2. Proxies automatic reloading fixes
3. Alerts include User IP Address
4. MySQL and PostgreSQL protocol fixes
5. Network optimizations
6. Alerts

We are proud to announce the release of GreenSQL Pro and GreenSQL Light, our first commercial Unified Database Security solutions, designed to provide all organizations – from small and medium businesses all the way to large enterprises – robust database security at an affordable price.

“Commercial Unified Database Security solutions” is a mouthful. Let’s look at what that means.

For us, commercial has several meanings. First, we have designed GreenSQL Pro for commercial organizations; second, we charge a modest fee for it; and third, unlike our open source code, we take full responsibility for it.

How about unified? To be unified, something must first have parts. GreenSQL Pro and GreenSQL Light include many aspects of database security within them, all

Since the early days of GreenSQL, many people have written us asking why exactly they should implement a database security solution if they have already hardened their web application and are using a web application firewall, like mod_security, or even a professional closed source web application firewall such as Imperva, Breach, or F5.

The answer is not as simple as you may think, and I’m not going to preach to you about the great advantages using GreenSQL in front of your MySQL or PostgreSQL Database.

I’m going to highlight a few obvious current situations which will help you see the full picture of your Database security needs.

What is the core of the company?

When you come right down to it, the Database, eventually, is the core of your company or organization. All the information that the company is built

GreenSQL- December 2, 2009

GreenSQL has just announced that version 1.2 of its database firewall will provide PostgreSQL databases with the same protection from SQL Injection already enjoyed by MySQL databases. GreenSQL version 1.2 is now available for download as Open Source software from the company’s website at http://www.greensql.net/download

PostgreSQL is a popular Open Source database in wide use by small to medium-sized businesses. Currently, there is no solution, either Open or Closed Source, that provides a database firewall for PostgreSQL databases. As a result, they may be vulnerable to SQL injection attacks, one of the most widespread ways for gaining access to sensitive information stored in a database and/or taking control of a host server.

SQL injection, widely used by criminals, tricks Web applications