The document outlines essential database security practices, emphasizing the risks of unpatched vulnerabilities and improper configurations. It details common attack methods such as SQL injection and unencrypted backups, along with mitigation strategies including password policies and regular audits. Case studies on Oracle and MySQL emphasize the importance of proactive security measures tailored to each database type.

1. Hardening the Defense of Database Server Database Security

2. Presentation Outline The Importance of Database Security 1 Finding Database Server Holes 2 Type of Database Attacks 3 Oracle Study Case 4 MySQL Study Case 5

3. Importance of Database Security Databases often store sensitive data

4. Incorrect data or loss of data could negatively affect business operations

5. Databases can be used as bases to attack other systems from

6. Principles of Finding Holes Don't believe the documentation

7. Implement your own client

8. Debug the system to understand how it works

9. Identify communication protocols

10. Understand arbitrary code execution bugs

11. Write your own "fuzzers"

12. Top Six Database Attack* [1] Brute-force (or not) cracking of weak or default usernames/passwords

13. Privilege escalation

14. Exploiting unused and unnecessary database services and functionality

15. Targeting unpatched database vulnerabilities

16. SQL injection

17. Stolen backup (unencrypted) tapes * based on : http://www.darkreading.com/security/encryption/211201064/index.html