Database security is critical, but often developers are not prepared for potential attacks. Find an article on a web-based database that has been attacked or exploited, summarize what happened, and include the URL.

Solution

Guardian jobs database attack demonstrates difficulties of database security

The site is one of the most popular job sites in Britain, with more than ten million unique users. Managed by third-party job board software supplier Madgex, the cracked database contained names, e-mail addresses, covering letters and CVs.

Widespread exposure

Every year we share more of ourselves online. Each time we do any of these things, we place our data and our faith in commercial databases (Oracle, Microsoft SQL Server, IBM DB2, Sybase, MySQL) and in the overarching security measures taken by the businesses that own these databases. The Guardian breach has alerted IT and security managers to the need to protect their user data and to consider data security from every angle. Most have already spent time, money and valuable resources securing their network perimeters with firewalls and anti-virus software, and even protecting their laptops with hard disc encryption and DLP solutions. It is a necessary step, but one which can also be guilty of generating a false sense of security.

SQL vulnerability

So how was The Guardian's data accessed? Well, all fingers point to an SQL injection vulnerability, a method currently in favour with hackers and data thieves. SQL injection attacks exploit vulnerabilities at the web application layer to access sensitive data in back-end databases.
These web-based attacks pass undetected through firewalls and other perimeter defences, including intrusion detection and intrusion prevention systems, then hijack the application server to gain access to underlying database records. Yet databases remain vulnerable. Which prompts the question: just how many organisations are still open to this type of attack? And how many organisations do not understand that they are at risk?

Continuous monitoring

Until recently, identifying unauthorised or suspicious access to databases was impractical and complex. Logging all activity in the database itself significantly degrades system performance, while at the same time generating massive amounts of transaction records. This creates a "needle in the haystack" problem, since all of the monitoring data must then be analysed and filtered to identify anomalous activity, typically using home-grown scripts.

Big responsibility

But why access The Guardian's job site at all? The answer is the first rule of hacking: because somebody discovered that they could. It may be argued that the theft of names, e-mail addresses, CVs and cover letters is relatively unimportant, almost unthreatening. The definition of sens.
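
The application-layer weakness described under "SQL vulnerability" above, shown as a string-built query beside its parameterized fix. This is an added example, not code from the article or from the Guardian or Madgex systems; the `candidates` table, its rows, the function names and the use of SQLite as the database are all constructed assumptions.

```python
import sqlite3


def make_db():
    # Constructed sample data: a tiny stand-in for a job board's candidate table.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE candidates "
        "(id INTEGER PRIMARY KEY, name TEXT, email TEXT, cv TEXT)"
    )
    db.executemany(
        "INSERT INTO candidates (name, email, cv) VALUES (?, ?, ?)",
        [
            ("Alice Example", "alice@example.test", "CV text A"),
            ("Bob Example", "bob@example.test", "CV text B"),
            ("Carol Example", "carol@example.test", "CV text C"),
        ],
    )
    return db


def lookup_vulnerable(db, email):
    # Weak form: user input is spliced into the SQL text, so the database
    # parses part of the input as SQL rather than treating it as a value.
    sql = "SELECT name, email, cv FROM candidates WHERE email = '" + email + "'"
    return db.execute(sql).fetchall()


def lookup_parameterized(db, email):
    # Hardened form: the statement text is fixed and the input is bound as
    # data, so it is only ever compared against the email column.
    sql = "SELECT name, email, cv FROM candidates WHERE email = ?"
    return db.execute(sql, (email,)).fetchall()


def demo():
    db = make_db()
    normal = "alice@example.test"
    crafted = "nobody@example.test' OR '1'='1"  # constructed test input
    return {
        "vulnerable_normal": len(lookup_vulnerable(db, normal)),
        "vulnerable_crafted": len(lookup_vulnerable(db, crafted)),
        "parameterized_normal": len(lookup_parameterized(db, normal)),
        "parameterized_crafted": len(lookup_parameterized(db, crafted)),
    }


if __name__ == "__main__":
    for case, rows in demo().items():
        print(f"{case}: {rows} row(s) returned")
```

Both functions receive the same input through the same application path, which is why a firewall or other perimeter control sees nothing unusual; only the way the query is built decides whether one record or the whole table comes back.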