Published in: Technology, Business

  • 1. Presentation of Database Management System
  • 2. Introduction
      • Name: MD. Wasim Akram
      • ID: UG 02 22 09 016
      • Department: CSE
  • 3. Topic
      • Threats of Database in E-Commerce
  • 4. What Is Commerce
      • Commerce
      • Commerce: Exchange of Goods / Services
      • Contracting parties: Buyer and Seller
      • Fundamental principles: Trust and Security
  • 5. What Is E-Commerce
      • E-Commerce
      • Automation of commercial transactions using computer and communication technologies
      • Facilitated by Internet and WWW
      • Business-to-Business: EDI
      • Business-to-Consumer: WWW retailing
  • 6. Continued
      • Some features:
          – Easy, global access, 24 hour availability
          – Customized products and services
          – Back Office integration
          – Additional revenue stream
  • 7. Problems of E-Commerce
  • 8. E-Commerce Risks
      • Customer's risks
          – Stolen credentials or password
          – Dishonest merchant
          – Disputes over transaction
          – Inappropriate use of transaction details
      • Merchant's risks
  • 9. Continued
          – Forged or copied instruments
          – Disputed charges
          – Insufficient funds in customer's account
          – Unauthorized redistribution of purchased items
      • Main issue: Secure payment scheme
  • 10. Overview
      • Levels of data security
      • Authorization in databases
      • Application vulnerabilities
      • Summary and references
  • 11. Levels of Data Security
      • Human level: Corrupt/careless user
      • Network/User interface
      • Database application program
      • Database system
      • Operating system
      • Physical level
  • 12. Database Threats
      • Disclosure of valuable and private information could irreparably damage a company
      • Security is often enforced through the use of privileges
      • Some databases are inherently insecure and rely on the Web server to enforce security measures
  • 13. Continued
      • Threats to a database result in the loss or degradation of some or all of the following security goals: integrity, availability, and confidentiality.
          – Loss of integrity
          – Loss of availability
          – Loss of confidentiality
  • 14. Explanation of Threats in Database
      • 1. Privilege abuse: When database users are provided with privileges that exceed their day-to-day job requirements, these privileges may be abused intentionally or unintentionally.
      • 3. Database rootkits: A database rootkit is a program or a procedure that is hidden inside the database and that provides administrator-level privileges to gain access to the data in the database. These rootkits may even turn off alerts triggered by Intrusion Prevention Systems (IPS).
      • 4. Weak authentication: Weak authentication models allow attackers to employ strategies such as social engineering and brute force to obtain database login credentials and assume the identity of legitimate database users.
  • 15. Different Authorization
      • Different authorizations for different users
      • Accounts clerk vs. Accounts manager vs. End users
  • 16. Database/Application Security
      • Ensure that only authenticated users can access the system
      • And can access (read/update) only data/interfaces that they are authorized to access
  • 17. How to Protect a Database
      • To protect a database against these types of threats, 4 kinds of countermeasures can be implemented:
          – Access control
          – Inference control
          – Flow control
          – Encryption
  • 18. Conclusion
      • Thank you, my Honorable Teacher, for giving me the privilege of this presentation.
      • Any questions?
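
The role separation named on slides 14 to 16 (accounts clerk vs. accounts manager vs. end users, each limited to what the job requires) can be expressed directly as database access control. The following is an added PostgreSQL example, not part of the original presentation; the table, column and role names are hypothetical.

```sql
-- Added example (PostgreSQL); all table, column and role names are hypothetical.
CREATE TABLE invoices (
    invoice_id  serial PRIMARY KEY,
    customer    text          NOT NULL,  -- login name of the owning customer
    amount      numeric(12,2) NOT NULL,
    status      text          NOT NULL DEFAULT 'open',
    card_last4  char(4)                  -- payment detail, withheld from all three roles
);

-- Group roles carry the privileges; login accounts are made members of them.
CREATE ROLE accounts_clerk   NOLOGIN;
CREATE ROLE accounts_manager NOLOGIN;
CREATE ROLE end_user         NOLOGIN;

-- Start from nothing: no implicit access through PUBLIC.
REVOKE ALL ON invoices FROM PUBLIC;

-- Clerk: enter and read invoices; no card data, no status changes, no deletes.
GRANT SELECT (invoice_id, customer, amount, status) ON invoices TO accounts_clerk;
GRANT INSERT (customer, amount) ON invoices TO accounts_clerk;
GRANT USAGE ON SEQUENCE invoices_invoice_id_seq TO accounts_clerk;

-- Manager: everything the clerk can do, plus updating the status column only.
GRANT accounts_clerk TO accounts_manager;
GRANT UPDATE (status) ON invoices TO accounts_manager;

-- End user: read access, narrowed to their own rows by row-level security.
GRANT SELECT (invoice_id, customer, amount, status) ON invoices TO end_user;
ALTER TABLE invoices ENABLE ROW LEVEL SECURITY;
CREATE POLICY staff_all ON invoices
    FOR ALL TO accounts_clerk, accounts_manager
    USING (true) WITH CHECK (true);
CREATE POLICY own_rows ON invoices
    FOR SELECT TO end_user
    USING (customer = current_user);

-- Review for slide 14's "privilege abuse": list the privileges recorded per
-- column so that any grant beyond the job requirement stands out.
SELECT grantee, column_name, privilege_type
FROM information_schema.column_privileges
WHERE table_name = 'invoices'
ORDER BY grantee, column_name, privilege_type;
```

The table owner and superusers bypass row-level security by default, so application logins should be members of these group roles rather than owners of the table.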