SlideShare a Scribd company logo

Database Security

Download as PPT, PDF
R
RabiaIftikhar10

What is database security and why it's important.

Software
1 of 14
Database  Database is the collection of logically related data that satisfy the needs of an organization.  Data is organized into rows, columns and tables.  Data gets updated, expanded and deleted as new information is added.  Databases hold the backbone of an organization.
Database security  Databases often contain extremely sensitive information that must be protected from security vulnerabilities and exploits.  It contain customers, employee info, financial data for both the company and its customers, and much more are all held in databases.  Database security and integrity are important aspects of an organization’s security.
Database Security  It is not desirable for all users to see the entire logical model.  Security considerations may require that certain data be hidden from users.  To do so, applications must authenticate users, and ensure that users are only allowed to carry out authorized tasks.
 For example, in a university, payroll personnel need to see only that part of the database that has financial information. For example,  SELECT ID, name, dept name FROM instructor
• According to technology Application Security, the following are the top 10 threats related to databases: • Default or weak passwords, SQL injection, Excessive user and group privileges, Unnecessary DBMS features enabled, Broken configuration management, Buffer overflows, Privilege escalation, Denial of service, Un-patched RDBMS, Unencrypted data, Privacy
Security Loopholes  In this section, we first describe several security loopholes that can permit hackers to carry out actions.  The authentication and authorization carried out by the application, and explain how to prevent such loopholes.
 Many databases today store sensitive customer information, such as credit card numbers, names, fingerprints, signatures, and identification numbers such as, social-security numbers.  A criminal who gets access to such data can use it for a variety of illegal activities such as purchasing goods using a credit-card number, or even acquiring a credit card in someone else’s name.
 Organizations such as credit-card companies use knowledge of personal information as a way of identifying who is requesting a service or goods.  Leakage of such personal information allows a criminal to impersonate someone else and get access to service or goods; such impersonation is referred to as identity theft.
Encrypted  Thus, applications that store such sensitive data must take great care to protect them from theft.  To reduce the chance of sensitive information being acquired by criminals, many countries and states today require by law that any database storing such sensitive information must store the information in an encrypted form.
 There are a vast number of techniques for the encryption of data. Simple encryption techniques may not provide adequate security, since it may be easy for an unauthorized user to break the code.  As an example of a weak encryption technique, consider the substitution of each character with the next character in the alphabet. Thus, Perry ridge Becomes Qfsszsjehf.
 Password-based authentication is used widely by operating systems as well as databases.  A more secure scheme involves a challenge– response system. The database system sends a challenge string to the user.  The user encrypts the challenge string using a secret password as encryption key and then returns the result.  Encryption of certain sensitive data stored in databases is a legal requirement in many countries and states.
 Apattention to security, to prevent attacks such as SQL injection attacks and cross-site scripting attacks  Aplication developers must pay careful Protecting the privacy of data is an important task for database applications.
Properties  A good encryption technique has the following properties:  It is relatively simple for authorized users to encrypt and decrypt data.  It depends on the algorithm called the encryption key, which is used to encrypt data.  Its decryption key is extremely difficult for an intruder to determine, even if the intruder has access to encrypted data.
Database Security

Recommended

Database security
Database securityDatabase security
Database securityCAS
 
Database backup and recovery
Database backup and recoveryDatabase backup and recovery
Database backup and recoveryAnne Lee
 
Type of database models
Type of database modelsType of database models
Type of database modelsSanthiNivas
 
DB security
DB security DB security
DB securityERSHUBHAM TIWARI
 
Database administrator
Database administratorDatabase administrator
Database administratorTech_MX
 
Normalization
NormalizationNormalization
NormalizationSalman Memon
 
Database security
Database securityDatabase security
Database securityBirju Tank
 
Schema
SchemaSchema
SchemaPragya Srivastava
 

Recommended

Database security
Database securityDatabase security
Database securityCAS
 
Database backup and recovery
Database backup and recoveryDatabase backup and recovery
Database backup and recoveryAnne Lee
 
Type of database models
Type of database modelsType of database models
Type of database modelsSanthiNivas
 
DB security
DB security DB security
DB securityERSHUBHAM TIWARI
 
Database administrator
Database administratorDatabase administrator
Database administratorTech_MX
 
Normalization
NormalizationNormalization
NormalizationSalman Memon
 
Database security
Database securityDatabase security
Database securityBirju Tank
 
Schema
SchemaSchema
SchemaPragya Srivastava
 
Types of keys in database management system by Dr. Kamal Gulati
Types of keys in database management system by Dr. Kamal GulatiTypes of keys in database management system by Dr. Kamal Gulati
Types of keys in database management system by Dr. Kamal GulatiAmity University | FMS - DU | IMT | Stratford University | KKMI International Institute | AIMA | DTU
 
Integrity Constraints
Integrity ConstraintsIntegrity Constraints
Integrity Constraintsmadhav bansal
 
Database schema
Database schemaDatabase schema
Database schemaHerbertSemana1
 
Rdbms
RdbmsRdbms
RdbmsMuhammad Adeel Rajput
 
Database Design Slide 1
Database Design Slide 1Database Design Slide 1
Database Design Slide 1ahfiki
 
Database Administration
Database AdministrationDatabase Administration
Database AdministrationBilal Arshad
 
Fundamentals of Database ppt ch01
Fundamentals of Database ppt ch01Fundamentals of Database ppt ch01
Fundamentals of Database ppt ch01Jotham Gadot
 
Security policies
Security policiesSecurity policies
Security policiesNishant Pahad
 
Types Of Keys in DBMS
Types Of Keys in DBMSTypes Of Keys in DBMS
Types Of Keys in DBMSPadamNepal1
 
SQL(DDL & DML)
SQL(DDL & DML)SQL(DDL & DML)
SQL(DDL & DML)Sharad Dubey
 
Dbms
DbmsDbms
Dbmssevtap87
 
File organisation
File organisationFile organisation
File organisationMukund Trivedi
 
Web security
Web securityWeb security
Web securityMuhammad Usman
 
Architecture of-dbms-and-data-independence
Architecture of-dbms-and-data-independenceArchitecture of-dbms-and-data-independence
Architecture of-dbms-and-data-independenceAnuj Modi
 
Query optimization in SQL
Query optimization in SQLQuery optimization in SQL
Query optimization in SQLAbdul Rehman
 
Normalization in DBMS
Normalization in DBMSNormalization in DBMS
Normalization in DBMSPrateek Parimal
 
Data warehousing
Data warehousingData warehousing
Data warehousingShruti Dalela
 
Dbms Introduction and Basics
Dbms Introduction and BasicsDbms Introduction and Basics
Dbms Introduction and BasicsSHIKHA GAUTAM
 
Databases: Normalisation
Databases: NormalisationDatabases: Normalisation
Databases: NormalisationDamian T. Gordon
 
File organization and introduction of DBMS
File organization and introduction of DBMSFile organization and introduction of DBMS
File organization and introduction of DBMSVrushaliSolanke
 
Ingres database and compliance
Ingres database and complianceIngres database and compliance
Ingres database and complianceActian Corporation
 
How To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyHow To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyClickSSL
 

More Related Content

What's hot

Integrity Constraints
Integrity ConstraintsIntegrity Constraints
Integrity Constraintsmadhav bansal
 
Database Design Slide 1
Database Design Slide 1Database Design Slide 1
Database Design Slide 1ahfiki
 
Database Administration
Database AdministrationDatabase Administration
Database AdministrationBilal Arshad
 
Fundamentals of Database ppt ch01
Fundamentals of Database ppt ch01Fundamentals of Database ppt ch01
Fundamentals of Database ppt ch01Jotham Gadot
 
Types Of Keys in DBMS
Types Of Keys in DBMSTypes Of Keys in DBMS
Types Of Keys in DBMSPadamNepal1
 
Architecture of-dbms-and-data-independence
Architecture of-dbms-and-data-independenceArchitecture of-dbms-and-data-independence
Architecture of-dbms-and-data-independenceAnuj Modi
 
Query optimization in SQL
Query optimization in SQLQuery optimization in SQL
Query optimization in SQLAbdul Rehman
 
Dbms Introduction and Basics
Dbms Introduction and BasicsDbms Introduction and Basics
Dbms Introduction and BasicsSHIKHA GAUTAM
 
File organization and introduction of DBMS
File organization and introduction of DBMSFile organization and introduction of DBMS
File organization and introduction of DBMSVrushaliSolanke
 

What's hot (20)

Types of keys in database management system by Dr. Kamal Gulati
Types of keys in database management system by Dr. Kamal GulatiTypes of keys in database management system by Dr. Kamal Gulati
Types of keys in database management system by Dr. Kamal Gulati
 
Integrity Constraints
Integrity ConstraintsIntegrity Constraints
Integrity Constraints
 
Database schema
Database schemaDatabase schema
Database schema
 
Rdbms
RdbmsRdbms
Rdbms
 
Database Design Slide 1
Database Design Slide 1Database Design Slide 1
Database Design Slide 1
 
Database Administration
Database AdministrationDatabase Administration
Database Administration
 
Fundamentals of Database ppt ch01
Fundamentals of Database ppt ch01Fundamentals of Database ppt ch01
Fundamentals of Database ppt ch01
 
Security policies
Security policiesSecurity policies
Security policies
 
Types Of Keys in DBMS
Types Of Keys in DBMSTypes Of Keys in DBMS
Types Of Keys in DBMS
 
SQL(DDL & DML)
SQL(DDL & DML)SQL(DDL & DML)
SQL(DDL & DML)
 
Dbms
DbmsDbms
Dbms
 
File organisation
File organisationFile organisation
File organisation
 
Web security
Web securityWeb security
Web security
 
Architecture of-dbms-and-data-independence
Architecture of-dbms-and-data-independenceArchitecture of-dbms-and-data-independence
Architecture of-dbms-and-data-independence
 
Query optimization in SQL
Query optimization in SQLQuery optimization in SQL
Query optimization in SQL
 
Normalization in DBMS
Normalization in DBMSNormalization in DBMS
Normalization in DBMS
 
Data warehousing
Data warehousingData warehousing
Data warehousing
 
Dbms Introduction and Basics
Dbms Introduction and BasicsDbms Introduction and Basics
Dbms Introduction and Basics
 
Databases: Normalisation
Databases: NormalisationDatabases: Normalisation
Databases: Normalisation
 
File organization and introduction of DBMS
File organization and introduction of DBMSFile organization and introduction of DBMS
File organization and introduction of DBMS
 

Similar to Database Security

How To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyHow To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyClickSSL
 
Law firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskLaw firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskCloudMask inc.
 
Best Practices to Protect Customer Data Effectively
Best Practices to Protect Customer Data EffectivelyBest Practices to Protect Customer Data Effectively
Best Practices to Protect Customer Data EffectivelyTentacle Cloud
 
Protect your Data even under breach
Protect your Data even under breachProtect your Data even under breach
Protect your Data even under breachCloudMask inc.
 
Securing sensitive data for the health care industry
Securing sensitive data for the health care industrySecuring sensitive data for the health care industry
Securing sensitive data for the health care industryCloudMask inc.
 
Carrying out safe exploration short of the actual data of codes and trapdoors
Carrying out safe exploration short of the actual data of codes and trapdoorsCarrying out safe exploration short of the actual data of codes and trapdoors
Carrying out safe exploration short of the actual data of codes and trapdoorsIaetsd Iaetsd
 
Elementary-Information-Security-Practices
Elementary-Information-Security-PracticesElementary-Information-Security-Practices
Elementary-Information-Security-PracticesOctogence
 
Hacking databases
Hacking databasesHacking databases
Hacking databasessunil kumar
 
Hacking databases
Hacking databasesHacking databases
Hacking databasessunil kumar
 
Global Security Certification for Governments
Global Security Certification for GovernmentsGlobal Security Certification for Governments
Global Security Certification for GovernmentsCloudMask inc.
 
Chapter 2 System Security.pptx
Chapter 2 System Security.pptxChapter 2 System Security.pptx
Chapter 2 System Security.pptxRushikeshChikane2
 
Identified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIdentified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIOSR Journals
 
Protecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of RecordProtecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of RecordCor Ranzijn
 
Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfCareerera
 
IRJET- Exchanging Secure Data in Cloud with Confidentiality and Privacy Goals
IRJET- Exchanging Secure Data in Cloud with Confidentiality and Privacy GoalsIRJET- Exchanging Secure Data in Cloud with Confidentiality and Privacy Goals
IRJET- Exchanging Secure Data in Cloud with Confidentiality and Privacy GoalsIRJET Journal
 

Similar to Database Security (20)

Ingres database and compliance
Ingres database and complianceIngres database and compliance
Ingres database and compliance
 
How To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyHow To Plan Successful Encryption Strategy
How To Plan Successful Encryption Strategy
 
Law firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskLaw firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMask
 
Best Practices to Protect Customer Data Effectively
Best Practices to Protect Customer Data EffectivelyBest Practices to Protect Customer Data Effectively
Best Practices to Protect Customer Data Effectively
 
Protect your Data even under breach
Protect your Data even under breachProtect your Data even under breach
Protect your Data even under breach
 
Securing sensitive data for the health care industry
Securing sensitive data for the health care industrySecuring sensitive data for the health care industry
Securing sensitive data for the health care industry
 
Carrying out safe exploration short of the actual data of codes and trapdoors
Carrying out safe exploration short of the actual data of codes and trapdoorsCarrying out safe exploration short of the actual data of codes and trapdoors
Carrying out safe exploration short of the actual data of codes and trapdoors
 
Elementary-Information-Security-Practices
Elementary-Information-Security-PracticesElementary-Information-Security-Practices
Elementary-Information-Security-Practices
 
Dstca
DstcaDstca
Dstca
 
Hacking databases
Hacking databasesHacking databases
Hacking databases
 
Hacking databases
Hacking databasesHacking databases
Hacking databases
 
Data masking a developer's guide
Data masking a developer's guideData masking a developer's guide
Data masking a developer's guide
 
Global Security Certification for Governments
Global Security Certification for GovernmentsGlobal Security Certification for Governments
Global Security Certification for Governments
 
Chapter 2 System Security.pptx
Chapter 2 System Security.pptxChapter 2 System Security.pptx
Chapter 2 System Security.pptx
 
A017130104
A017130104A017130104
A017130104
 
Identified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIdentified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud Computing
 
Protecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of RecordProtecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of Record
 
Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdf
 
IRJET- Exchanging Secure Data in Cloud with Confidentiality and Privacy Goals
IRJET- Exchanging Secure Data in Cloud with Confidentiality and Privacy GoalsIRJET- Exchanging Secure Data in Cloud with Confidentiality and Privacy Goals
IRJET- Exchanging Secure Data in Cloud with Confidentiality and Privacy Goals
 
Can You Tell Me About Some Effective Ways to Prevent Data Leakage?
Can You Tell Me About Some Effective Ways to Prevent Data Leakage?Can You Tell Me About Some Effective Ways to Prevent Data Leakage?
Can You Tell Me About Some Effective Ways to Prevent Data Leakage?
 

Recently uploaded

Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprisepreethippts
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Velvetech LLC
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationBradBedford3
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Angel Borroy López
 
What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....kzayra69
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)jennyeacort
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Hr365.us smith
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Cizo Technology Services
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationPREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationvaddepallysandeep122
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Natan Silnitsky
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Mater
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odishasmiwainfosol
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfFerryKemperman
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfMarharyta Nedzelska
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Matt Ray
 

Recently uploaded (20)

Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprise
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion Application
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationPREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentation
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdf
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdf
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 

Database Security

  • 1. Database  Database is the collection of logically related data that satisfy the needs of an organization.  Data is organized into rows, columns and tables.  Data gets updated, expanded and deleted as new information is added.  Databases hold the backbone of an organization.
  • 2. Database security  Databases often contain extremely sensitive information that must be protected from security vulnerabilities and exploits.  It contain customers, employee info, financial data for both the company and its customers, and much more are all held in databases.  Database security and integrity are important aspects of an organization’s security.
  • 3. Database Security  It is not desirable for all users to see the entire logical model.  Security considerations may require that certain data be hidden from users.  To do so, applications must authenticate users, and ensure that users are only allowed to carry out authorized tasks.
  • 4.  For example, in a university, payroll personnel need to see only that part of the database that has financial information. For example,  SELECT ID, name, dept name FROM instructor
  • 5. • According to technology Application Security, the following are the top 10 threats related to databases: • Default or weak passwords, SQL injection, Excessive user and group privileges, Unnecessary DBMS features enabled, Broken configuration management, Buffer overflows, Privilege escalation, Denial of service, Un-patched RDBMS, Unencrypted data, Privacy
  • 6. Security Loopholes  In this section, we first describe several security loopholes that can permit hackers to carry out actions.  The authentication and authorization carried out by the application, and explain how to prevent such loopholes.
  • 7.  Many databases today store sensitive customer information, such as credit card numbers, names, fingerprints, signatures, and identification numbers such as, social-security numbers.  A criminal who gets access to such data can use it for a variety of illegal activities such as purchasing goods using a credit-card number, or even acquiring a credit card in someone else’s name.
  • 8.  Organizations such as credit-card companies use knowledge of personal information as a way of identifying who is requesting a service or goods.  Leakage of such personal information allows a criminal to impersonate someone else and get access to service or goods; such impersonation is referred to as identity theft.
  • 9. Encrypted  Thus, applications that store such sensitive data must take great care to protect them from theft.  To reduce the chance of sensitive information being acquired by criminals, many countries and states today require by law that any database storing such sensitive information must store the information in an encrypted form.
  • 10.  There are a vast number of techniques for the encryption of data. Simple encryption techniques may not provide adequate security, since it may be easy for an unauthorized user to break the code.  As an example of a weak encryption technique, consider the substitution of each character with the next character in the alphabet. Thus, Perry ridge Becomes Qfsszsjehf.
  • 11.  Password-based authentication is used widely by operating systems as well as databases.  A more secure scheme involves a challenge– response system. The database system sends a challenge string to the user.  The user encrypts the challenge string using a secret password as encryption key and then returns the result.  Encryption of certain sensitive data stored in databases is a legal requirement in many countries and states.
  • 12.  Apattention to security, to prevent attacks such as SQL injection attacks and cross-site scripting attacks  Aplication developers must pay careful Protecting the privacy of data is an important task for database applications.
  • 13. Properties  A good encryption technique has the following properties:  It is relatively simple for authorized users to encrypt and decrypt data.  It depends on the algorithm called the encryption key, which is used to encrypt data.  Its decryption key is extremely difficult for an intruder to determine, even if the intruder has access to encrypted data.