Security | Threat Detection | Cyberattacks | DevSecOps | Compliance


How Code Coverage Helped Me Find 3 SQL Injections

For web applications with a login, it is kind of obvious that you cannot achieve a high coverage without logging in. Any experienced tester would be able to recognize this immediately. And even for blackbox scans, most developers would use a login to improve their code coverage.

Backup and Restore of MySQL Database in a Kubernetes Environment

MySQL database is one of the most popular open-source relational database management systems, and it is a top choice for some of the world’s favorite websites and web applications including YouTube, Twitter, and WordPress. Handling so much data and protecting it is incredibly important to organizations.


Defragging database security in a fragmented cloud world

Security can often be distilled down to protecting data. And with microservice-driven applications, the approach to cloud database security has evolved quite dramatically. Beyond just securing data in the cloud, it’s now also difficult to know where the data resides, where the data is flowing, and how this data should be classified.


Why Database Security is Integral to an Organization's Overall Security Posture

An organization's database contains intellectual property, information on clients, product development, personal information on its workers, and in many cases, critical information on consumers. Therefore, it not only makes sense to fully understand how an attacker can threaten a database, but how to best defend against such an attack. So, what are those dangers? In no particular order, the most significant threats facing databases today are system, privilege, and credential threats.


PUBLIC Role in Oracle

Roles make it easier to grant and revoke privileges for users of a relational database. Rather than managing privileges for each user individually, you manage privileges for each role and all changes apply to all users who are assigned that role. Organizations often create multiple roles to suit their unique needs. However, most databases come with a pre-defined role called PUBLIC. In this blog, we explain what the PUBLIC role means in Oracle and key best practices for using it.


Public Role in SQL Server

Database roles are similar to Windows groups — rather than revoking or granting access to each user separately, administrators manage access by granting or revoking permissions from roles and by changing role membership. Using roles makes it easier to accurately grant and revoke privileges for database users. And since multiple users can be members of a SQL database role, you can easily manage rights for a whole group of users at once.


Automating RDS Security Via Boto3 (AWS API)

When it comes to security in AWS, there is the shared responsibility model for AWS services, which is divided into AWS responsibility ‘security of the cloud’ and customer responsibility ‘security in the cloud’. For more detail on this please check the shared-responsibility-model. Figure 1: AWS Shared Responsibility Model Source: shared-responsibility-model


Major Database Security Threats & How You Can Prevent Them

Organizations and businesses must use a range of measures, protocols, and tools to protect their databases from cybercriminals. If breached, malicious actors can gain access to sensitive information that they can use for financial gain. Security teams must adapt and constantly improve to protect against ever-evolving security threats, and maintain the integrity of a database. This article will discuss the major database security threats, and how you can prevent them.


How to Connect to Microsoft SQL Server Remotely Using Teleport

Support for Microsoft SQL Server was added in our Teleport 9 release, along with support for Redis and MariaDB. In this post, we'll specifically be looking at Microsoft SQL Server and will cover how to connect to it remotely using Teleport. Before we get into the steps of accessing SQL Server with Teleport, let's briefly go over a few recommended security postures with SQL Server and how Teleport actually helps to implement them.

code intelligence

How To Test for SQL Injections [Complete Guide]

In theory, modern web frameworks provide secure ways of accessing databases, making SQL injections a non-issue. The reality looks much different. Among other injection vulnerabilities, SQL injections are still atop the OWASP Top 10, and organizations still frequently fall victim. Therefore there is no way around software security testing solutions that can reliably detect SQL injections.