Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Databases

code intelligence

New Vulnerability in MySQL JDBC Driver: RCE and Unauthorized DB Access

Apr 20, 2023 By Roman Wagner In Code Intelligence
We have found a new vulnerability in MySQL Connector/J (CVE-2023-21971). Oracle issued a critical path update that fixed the issue on April 18, 2023. The vulnerability was found as part of our collaboration with Google’s OSS-Fuzz.
Read Post
Trustwave

Dissecting Buffer Overflow Attacks in MongoDB

Apr 19, 2023 By Trustwave In Trustwave

Towards the end of 2020, a new vulnerability in MongoDB was found and published. The vulnerability affected almost all versions of MongoDB, up to v4.5.0, but was discussed and patched appropriately. The vulnerability, CVE-2020-7928, abuses a well-known component of MongoDB, known as the Handler, to carry out buffer overflow attacks by way of null-byte injections.

Read Post
splunk

The SQL Injection Guide: Attacks, Types, Signs & Defense Against SQLi

Mar 23, 2023 By Muhammad Raza In Splunk
Most dynamic web applications and sites — ones that store and process user information — use some sort of database implementation. One of the most common implementations involves SQL. Structured Query Language is a standard language for relational database management systems (RDBMS). It lets you query database records, change and modify them, set permissions, create custom views and storage procedures.
Read Post
CloudCasa

Schedule and Automate Postgres Backups on Kubernetes

Mar 23, 2023 By Vedant Khairnar In CloudCasa

Postgres, also known as PostgreSQL, is a powerful open-source relational database that has been around for over 30 years. It has a strong reputation for reliability, scalability, and performance, which is why it is used by a wide range of organizations, from small businesses to large enterprises, across various industries. Whether you need to store and retrieve large amounts of data, run complex queries, or support business-critical applications, Postgres can handle it all.

Read Post

SQL Server hardening

Mar 23, 2023 By CalCom In CalCom
To safeguard the SQL layer against common SQL-based attacks, including Denial of Service, Brute Force, and SQL injections, and to prevent privilege escalations, hardening the SQL server is of utmost importance. Achieving compliance and satisfying auditors also necessitates SQL hardening. By implementing SQL hardening measures at both the application and operating system levels, the organization can significantly reduce its attack surface and eliminate critical vulnerabilities.
View Video
CloudCasa

Schedule and Automate MongoDB Backup and Restore on Your Kubernetes Cluster

Mar 5, 2023 By Vedant Khairnar In CloudCasa

In this blog we will guide you step by step through using CloudCasa to backup and restore NoSQL databases such as MongoDB operating in your Kubernetes environment. Before we begin, let’s have some basic understanding of the database under test. NoSQL databases provide a variety of benefits including flexible data models, horizontal scaling, lightning-fast queries, and ease of use for developers.

Read Post
tripwire

10 Database Security Best Practices You Should Know

Mar 2, 2023 By Katrina Thompson In Tripwire

Around 39 billion records were compromised between January and December of last year, according to Flashpoint’s 2022 A Year in Review report. While this result is quite staggering, it also sends a clear message of the need for effective database security measures. Database security measures are a bit different from network security practices. The former involves physical steps, software solutions and even educating your employees.

Read Post
netwrix

Compromising SQL Server with PowerUpSQL

Feb 17, 2023 By Joe Dibley In Netwrix

If you’re after a toolkit to own Microsoft SQL Server from end to end, what you need is PowerUpSQL. Implemented in PowerShell and as complete as they come, PowerUpSQL has tools to discover, compromise and own just about any SQL system. It’s the whole kill chain in one tool. This article details how to perform the critical attack steps using PowerUpSQL.

Read Post

How Code Coverage Helped Me Find 3 SQL Injections

Jan 10, 2023 By Code Intelligence In Code Intelligence
For web applications with a login, it is kind of obvious that you cannot achieve a high coverage without logging in. Any experienced tester would be able to recognize this immediately. And even for blackbox scans, most developers would use a login to improve their code coverage.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.