SlideShare a Scribd company logo

Threats

Download as PPT, PDF
Mentalist Akram
Mentalist Akram

This document summarizes threats to databases in e-commerce. It discusses risks to customers like stolen credentials, dishonest merchants, and inappropriate use of transaction details. Merchants also face risks like disputed charges and insufficient customer funds. The main issue is implementing a secure payment scheme. It then outlines security levels from human to physical. Database threats include privilege abuse, database rootkits, and weak authentication. Different authorization levels are needed for different users. The document concludes protection requires access control, inference control, flow control, and encryption.

1 of 18
Presentation Of Database Management System
Introduction • Name: MD. Wasim Akram • ID: UG 02 22 09 016 • Department: CSE
Topic • Threats of Database In E-Commerce
What Is Commerce • Commerce • CCommerce: Exchange of Goods / Services • SContracting parties: Buyer and Seller • CFundamental principles: Trust and Security • S
What is E Commerce • E-Commerce • EAutomation of commercial transactions using computer and communication technologies • t Facilitated by Internet and WWW • F Business-to-Business: EDI • BBusiness-to-Consumer: WWW retailing
Continued • CSome features: • –Easy, global access, 24 hour availability • –Customized products and services • –Back Office integration • –Additional revenue stream
Problems of E-Commerce
E-Commerce risks • ECustomer's risks • –Stolen credentials or password • –Dishonest merchant • –Disputes over transaction • –Inappropriate use of transaction details • - Merchant’s risk
Continued • Forged or copied instruments • –Disputed charges • –Insufficient funds in customer’s account • –Unauthorized redistribution of purchased items • i Main issue: Secure payment scheme
Overview • Levels of data security • Authorization in databases • Application Vulnerabilities • Summary and References
Levels of Data Security • Human level: Corrupt/careless User • Network/User Interface • Database application program • Database system • Operating System • Physical level
Database Threats • Disclosure of valuable and private information could irreparably damage a company • Security is often enforced through the use of privileges • Some databases are inherently insecure and rely on the Web server to enforce security measures
Continued • Threats to database result in the loss or degradation of some or all of the following security goals: integrity, availability, and confidentially. – Loss of integrity – Loss of availability – Loss of confidentially
Explanation Of Threats in Database • 1. Privilege abuse: When database users are provided with privileges that exceeds their day-to-day job requirement, these privileges may be abused intentionally or unintentionally. • 3. Database rootkits: A database rootkit is a program or a procedure that is hidden inside the database and that provides administrator-level privileges to gain access to the data in the database. These rootkits may even turn off alerts triggered by Intrusion Prevention Systems (IPS). • 4. Weak authentication: Weak authentication models allow attackers to employ strategies such as social engineering and brute force to obtain database login credentials and assume the identity of legitimate database users.
Different Authorization Different authorizations for different users Accounts clerk vs. Accounts manager vs. End users
Database/Application Security • Ensure that only authenticated users can access the system • And can access (read/update) only data/interfaces that they are authorized to access
How to protect database • To protect database against these types of 4 kinds of countermeasures can be implemented: – Access control – Inference control – Flow control – Encryption
Conclusion • Thank you my Honorable Teacher for giving me the privilege for this Presentation……… • Any questions?????

Recommended

Chameleon PCI Presentation
Chameleon PCI PresentationChameleon PCI Presentation
Chameleon PCI Presentation
christoboshoff
 
Is Department Roles
Is Department RolesIs Department Roles
Is Department Roleserickaselina
 
Top 10 applications for multi factor authentication in higher education
Top 10 applications for multi factor authentication in higher educationTop 10 applications for multi factor authentication in higher education
Top 10 applications for multi factor authentication in higher education
Gluu
 
35T Systems Maintainer
35T Systems Maintainer35T Systems Maintainer
35T Systems MaintainerJonathon Hendrick
 
Hi600 u08_inst_slides
Hi600 u08_inst_slidesHi600 u08_inst_slides
Hi600 u08_inst_slides
ljmcneill33
 
3 Characteristics of Well Protected Data
3 Characteristics of Well Protected Data3 Characteristics of Well Protected Data
3 Characteristics of Well Protected Data
QATestLab
 
Database security
Database securityDatabase security
Database security
afzaalkhalid1
 
Isys20261 lecture 12
Isys20261 lecture 12Isys20261 lecture 12
Isys20261 lecture 12Wiliam Ferraciolli
 

Recommended

Chameleon PCI Presentation
Chameleon PCI PresentationChameleon PCI Presentation
Chameleon PCI Presentation
christoboshoff
 
Is Department Roles
Is Department RolesIs Department Roles
Is Department Roleserickaselina
 
Top 10 applications for multi factor authentication in higher education
Top 10 applications for multi factor authentication in higher educationTop 10 applications for multi factor authentication in higher education
Top 10 applications for multi factor authentication in higher education
Gluu
 
35T Systems Maintainer
35T Systems Maintainer35T Systems Maintainer
35T Systems MaintainerJonathon Hendrick
 
Hi600 u08_inst_slides
Hi600 u08_inst_slidesHi600 u08_inst_slides
Hi600 u08_inst_slides
ljmcneill33
 
3 Characteristics of Well Protected Data
3 Characteristics of Well Protected Data3 Characteristics of Well Protected Data
3 Characteristics of Well Protected Data
QATestLab
 
Database security
Database securityDatabase security
Database security
afzaalkhalid1
 
Isys20261 lecture 12
Isys20261 lecture 12Isys20261 lecture 12
Isys20261 lecture 12Wiliam Ferraciolli
 
Database Security And Authentication
Database Security And AuthenticationDatabase Security And Authentication
Database Security And Authentication
Sudeb Das
 
Database Security Management
Database Security Management Database Security Management
Database Security Management
Ahsin Yousaf
 
security and privacy in dbms and in sql database
security and privacy in dbms and in sql databasesecurity and privacy in dbms and in sql database
security and privacy in dbms and in sql database
gourav kottawar
 
Revisiting Privileged Access in Today's Threat Landscape
Revisiting Privileged Access in Today's Threat LandscapeRevisiting Privileged Access in Today's Threat Landscape
Revisiting Privileged Access in Today's Threat Landscape
Lance Peterman
 
Digital skimming root_conf_ppt
Digital skimming root_conf_pptDigital skimming root_conf_ppt
Digital skimming root_conf_ppt
Arjun BM
 
360 identity-management
360 identity-management360 identity-management
360 identity-managementOri Levi
 
DBMS SECURITY
DBMS SECURITYDBMS SECURITY
DBMS SECURITY
Wasim Raza
 
FileAudit Datasheet
FileAudit DatasheetFileAudit Datasheet
FileAudit Datasheet
IS Decisions
 
Access control
Access controlAccess control
Access control
Mohibullah Saail
 
Chapter 4 security part ii auditing database systems
Chapter 4 security part ii auditing database systemsChapter 4 security part ii auditing database systems
Chapter 4 security part ii auditing database systems
jayussuryawan
 
Chapter 7
Chapter 7Chapter 7
Chapter 7
Seth Nurul
 
Database security
Database securityDatabase security
Database security
Software Engineering
 
Mobile database security threats
Mobile database security threatsMobile database security threats
Mobile database security threatsAkhil Kumar
 
CloudHaven Pitch Deck
CloudHaven Pitch DeckCloudHaven Pitch Deck
CloudHaven Pitch Deck
RichardVann4
 
Database Security
Database SecurityDatabase Security
Database SecurityShingalaKrupa
 
Database security
Database securityDatabase security
Database security
MaryamAsghar9
 
Database administration and security
Database administration and securityDatabase administration and security
Database administration and securityMohd Arif
 
Database security
Database securityDatabase security
Database security
Arpana shree
 
Database Security
Database SecurityDatabase Security
Database Security
Ferdous Pathan
 
Best Practices for implementing Database Security Comprehensive Database Secu...
Best Practices for implementing Database Security Comprehensive Database Secu...Best Practices for implementing Database Security Comprehensive Database Secu...
Best Practices for implementing Database Security Comprehensive Database Secu...
Kal BO
 
Desventajas, usos y riesgos del comercio electrónico
Desventajas, usos y riesgos del comercio electrónicoDesventajas, usos y riesgos del comercio electrónico
Desventajas, usos y riesgos del comercio electrónico
Luis Corrales Arias
 
Firewalls
FirewallsFirewalls
Firewalls
University of Central Punjab
 

More Related Content

What's hot

Database Security And Authentication
Database Security And AuthenticationDatabase Security And Authentication
Database Security And Authentication
Sudeb Das
 
Database Security Management
Database Security Management Database Security Management
Database Security Management
Ahsin Yousaf
 
security and privacy in dbms and in sql database
security and privacy in dbms and in sql databasesecurity and privacy in dbms and in sql database
security and privacy in dbms and in sql database
gourav kottawar
 
Revisiting Privileged Access in Today's Threat Landscape
Revisiting Privileged Access in Today's Threat LandscapeRevisiting Privileged Access in Today's Threat Landscape
Revisiting Privileged Access in Today's Threat Landscape
Lance Peterman
 
Digital skimming root_conf_ppt
Digital skimming root_conf_pptDigital skimming root_conf_ppt
Digital skimming root_conf_ppt
Arjun BM
 
360 identity-management
360 identity-management360 identity-management
360 identity-managementOri Levi
 
DBMS SECURITY
DBMS SECURITYDBMS SECURITY
DBMS SECURITY
Wasim Raza
 
FileAudit Datasheet
FileAudit DatasheetFileAudit Datasheet
FileAudit Datasheet
IS Decisions
 
Access control
Access controlAccess control
Access control
Mohibullah Saail
 
Chapter 4 security part ii auditing database systems
Chapter 4 security part ii auditing database systemsChapter 4 security part ii auditing database systems
Chapter 4 security part ii auditing database systems
jayussuryawan
 
Chapter 7
Chapter 7Chapter 7
Chapter 7
Seth Nurul
 
Database security
Database securityDatabase security
Database security
Software Engineering
 
Mobile database security threats
Mobile database security threatsMobile database security threats
Mobile database security threatsAkhil Kumar
 
CloudHaven Pitch Deck
CloudHaven Pitch DeckCloudHaven Pitch Deck
CloudHaven Pitch Deck
RichardVann4
 
Database security
Database securityDatabase security
Database security
MaryamAsghar9
 
Database administration and security
Database administration and securityDatabase administration and security
Database administration and securityMohd Arif
 
Database security
Database securityDatabase security
Database security
Arpana shree
 
Database Security
Database SecurityDatabase Security
Database Security
Ferdous Pathan
 
Best Practices for implementing Database Security Comprehensive Database Secu...
Best Practices for implementing Database Security Comprehensive Database Secu...Best Practices for implementing Database Security Comprehensive Database Secu...
Best Practices for implementing Database Security Comprehensive Database Secu...
Kal BO
 

What's hot (20)

Database Security And Authentication
Database Security And AuthenticationDatabase Security And Authentication
Database Security And Authentication
 
Database Security Management
Database Security Management Database Security Management
Database Security Management
 
security and privacy in dbms and in sql database
security and privacy in dbms and in sql databasesecurity and privacy in dbms and in sql database
security and privacy in dbms and in sql database
 
Revisiting Privileged Access in Today's Threat Landscape
Revisiting Privileged Access in Today's Threat LandscapeRevisiting Privileged Access in Today's Threat Landscape
Revisiting Privileged Access in Today's Threat Landscape
 
Digital skimming root_conf_ppt
Digital skimming root_conf_pptDigital skimming root_conf_ppt
Digital skimming root_conf_ppt
 
360 identity-management
360 identity-management360 identity-management
360 identity-management
 
DBMS SECURITY
DBMS SECURITYDBMS SECURITY
DBMS SECURITY
 
FileAudit Datasheet
FileAudit DatasheetFileAudit Datasheet
FileAudit Datasheet
 
Access control
Access controlAccess control
Access control
 
Chapter 4 security part ii auditing database systems
Chapter 4 security part ii auditing database systemsChapter 4 security part ii auditing database systems
Chapter 4 security part ii auditing database systems
 
Chapter 7
Chapter 7Chapter 7
Chapter 7
 
Database security
Database securityDatabase security
Database security
 
Mobile database security threats
Mobile database security threatsMobile database security threats
Mobile database security threats
 
CloudHaven Pitch Deck
CloudHaven Pitch DeckCloudHaven Pitch Deck
CloudHaven Pitch Deck
 
Database Security
Database SecurityDatabase Security
Database Security
 
Database security
Database securityDatabase security
Database security
 
Database administration and security
Database administration and securityDatabase administration and security
Database administration and security
 
Database security
Database securityDatabase security
Database security
 
Database Security
Database SecurityDatabase Security
Database Security
 
Best Practices for implementing Database Security Comprehensive Database Secu...
Best Practices for implementing Database Security Comprehensive Database Secu...Best Practices for implementing Database Security Comprehensive Database Secu...
Best Practices for implementing Database Security Comprehensive Database Secu...
 

Viewers also liked

Desventajas, usos y riesgos del comercio electrónico
Desventajas, usos y riesgos del comercio electrónicoDesventajas, usos y riesgos del comercio electrónico
Desventajas, usos y riesgos del comercio electrónico
Luis Corrales Arias
 
Firewalls
FirewallsFirewalls
Firewalls
University of Central Punjab
 
Seguridad en el comercio electrónico
Seguridad en el comercio electrónicoSeguridad en el comercio electrónico
Seguridad en el comercio electrónicoramso24
 
Data encryption
Data encryptionData encryption
Data encryption
Deepam Goyal
 
HOW TO EARN CISSP CERTIFICATION?
HOW TO EARN CISSP CERTIFICATION?HOW TO EARN CISSP CERTIFICATION?
HOW TO EARN CISSP CERTIFICATION?
Terro White
 
Computer forensics and its role
Computer forensics and its roleComputer forensics and its role
Computer forensics and its roleSudeshna Basak
 
5 Cryptography Part1
5 Cryptography Part15 Cryptography Part1
5 Cryptography Part1
Alfred Ouyang
 
computer forensics
computer forensicscomputer forensics
computer forensicsAkhil Kumar
 
Computer System Validation
Computer System ValidationComputer System Validation
Computer System Validation
GMP EDUCATION : Not for Profit Organization
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
deaneal
 
Cryptography & Steganography
Cryptography & SteganographyCryptography & Steganography
Cryptography & Steganography
Animesh Shaw
 
6. Security Threats with E-Commerce
6. Security Threats with E-Commerce6. Security Threats with E-Commerce
6. Security Threats with E-CommerceJitendra Tomar
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentation
Somya Johri
 
3 Most Common Threats Of Information Security
3 Most Common Threats Of Information Security3 Most Common Threats Of Information Security
3 Most Common Threats Of Information SecurityAna Meskovska
 
Security in E-commerce
Security in E-commerceSecurity in E-commerce
Security in E-commercem8817
 

Viewers also liked (16)

Desventajas, usos y riesgos del comercio electrónico
Desventajas, usos y riesgos del comercio electrónicoDesventajas, usos y riesgos del comercio electrónico
Desventajas, usos y riesgos del comercio electrónico
 
Firewalls
FirewallsFirewalls
Firewalls
 
Seguridad en el comercio electrónico
Seguridad en el comercio electrónicoSeguridad en el comercio electrónico
Seguridad en el comercio electrónico
 
Data encryption
Data encryptionData encryption
Data encryption
 
HOW TO EARN CISSP CERTIFICATION?
HOW TO EARN CISSP CERTIFICATION?HOW TO EARN CISSP CERTIFICATION?
HOW TO EARN CISSP CERTIFICATION?
 
8 cyber crimes
8 cyber crimes8 cyber crimes
8 cyber crimes
 
Computer forensics and its role
Computer forensics and its roleComputer forensics and its role
Computer forensics and its role
 
5 Cryptography Part1
5 Cryptography Part15 Cryptography Part1
5 Cryptography Part1
 
computer forensics
computer forensicscomputer forensics
computer forensics
 
Computer System Validation
Computer System ValidationComputer System Validation
Computer System Validation
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
Cryptography & Steganography
Cryptography & SteganographyCryptography & Steganography
Cryptography & Steganography
 
6. Security Threats with E-Commerce
6. Security Threats with E-Commerce6. Security Threats with E-Commerce
6. Security Threats with E-Commerce
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentation
 
3 Most Common Threats Of Information Security
3 Most Common Threats Of Information Security3 Most Common Threats Of Information Security
3 Most Common Threats Of Information Security
 
Security in E-commerce
Security in E-commerceSecurity in E-commerce
Security in E-commerce
 

Similar to Threats

System security
System securitySystem security
System security
ReachLocal Services India
 
Lock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iLock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM i
Precisely
 
Lecture27 cc-security2
Lecture27 cc-security2Lecture27 cc-security2
Lecture27 cc-security2
Ankit Gupta
 
Database security in database management.pptx
Database security in database management.pptxDatabase security in database management.pptx
Database security in database management.pptx
FarhanaMariyam1
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
G Prachi
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
Nithin Raj
 
IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...
Leif Davidsen
 
3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...
Robert Parker
 
SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008
SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008
SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008
Denny Lee
 
Network security and firewalls
Network security and firewallsNetwork security and firewalls
Network security and firewalls
Murali Mohan
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and Data
Precisely
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and Data
Precisely
 
Cloud Cmputing Security
Cloud Cmputing SecurityCloud Cmputing Security
Cloud Cmputing Security
Devyani Vaidya
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud Computing
Falgun Rathod
 
INFORMATION AND CYBER SECURITY
INFORMATION AND CYBER SECURITYINFORMATION AND CYBER SECURITY
INFORMATION AND CYBER SECURITY
Nishant Pawar
 
Data security and Integrity
Data security and IntegrityData security and Integrity
Data security and Integrity
Zaid Shabbir
 
Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
Ch 1: Web Application (In)security & Ch 2: Core Defense MechanismsCh 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
Sam Bowne
 
Cybersecurity update 12
Cybersecurity update 12Cybersecurity update 12
Cybersecurity update 12
Jim Kaplan CIA CFE
 

Similar to Threats (20)

System security
System securitySystem security
System security
 
Lock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iLock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM i
 
Lecture27 cc-security2
Lecture27 cc-security2Lecture27 cc-security2
Lecture27 cc-security2
 
Database security in database management.pptx
Database security in database management.pptxDatabase security in database management.pptx
Database security in database management.pptx
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...
 
3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...
 
SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008
SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008
SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008
 
Network security and firewalls
Network security and firewallsNetwork security and firewalls
Network security and firewalls
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and Data
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and Data
 
Cloud Cmputing Security
Cloud Cmputing SecurityCloud Cmputing Security
Cloud Cmputing Security
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud Computing
 
INFORMATION AND CYBER SECURITY
INFORMATION AND CYBER SECURITYINFORMATION AND CYBER SECURITY
INFORMATION AND CYBER SECURITY
 
Data security and Integrity
Data security and IntegrityData security and Integrity
Data security and Integrity
 
Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
Ch 1: Web Application (In)security & Ch 2: Core Defense MechanismsCh 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
 
Co p
Co pCo p
Co p
 
Co p
Co pCo p
Co p
 
Cybersecurity update 12
Cybersecurity update 12Cybersecurity update 12
Cybersecurity update 12
 

Recently uploaded

By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
UiPathCommunity
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
Vlad Stirbu
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 

Recently uploaded (20)

By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 

Threats

  • 2. Introduction • Name: MD. Wasim Akram • ID: UG 02 22 09 016 • Department: CSE
  • 3. Topic • Threats of Database In E-Commerce
  • 4. What Is Commerce • Commerce • CCommerce: Exchange of Goods / Services • SContracting parties: Buyer and Seller • CFundamental principles: Trust and Security • S
  • 5. What is E Commerce • E-Commerce • EAutomation of commercial transactions using computer and communication technologies • t Facilitated by Internet and WWW • F Business-to-Business: EDI • BBusiness-to-Consumer: WWW retailing
  • 6. Continued • CSome features: • –Easy, global access, 24 hour availability • –Customized products and services • –Back Office integration • –Additional revenue stream
  • 8. E-Commerce risks • ECustomer's risks • –Stolen credentials or password • –Dishonest merchant • –Disputes over transaction • –Inappropriate use of transaction details • - Merchant’s risk
  • 9. Continued • Forged or copied instruments • –Disputed charges • –Insufficient funds in customer’s account • –Unauthorized redistribution of purchased items • i Main issue: Secure payment scheme
  • 10. Overview • Levels of data security • Authorization in databases • Application Vulnerabilities • Summary and References
  • 11. Levels of Data Security • Human level: Corrupt/careless User • Network/User Interface • Database application program • Database system • Operating System • Physical level
  • 12. Database Threats • Disclosure of valuable and private information could irreparably damage a company • Security is often enforced through the use of privileges • Some databases are inherently insecure and rely on the Web server to enforce security measures
  • 13. Continued • Threats to database result in the loss or degradation of some or all of the following security goals: integrity, availability, and confidentially. – Loss of integrity – Loss of availability – Loss of confidentially
  • 14. Explanation Of Threats in Database • 1. Privilege abuse: When database users are provided with privileges that exceeds their day-to-day job requirement, these privileges may be abused intentionally or unintentionally. • 3. Database rootkits: A database rootkit is a program or a procedure that is hidden inside the database and that provides administrator-level privileges to gain access to the data in the database. These rootkits may even turn off alerts triggered by Intrusion Prevention Systems (IPS). • 4. Weak authentication: Weak authentication models allow attackers to employ strategies such as social engineering and brute force to obtain database login credentials and assume the identity of legitimate database users.
  • 15. Different Authorization Different authorizations for different users Accounts clerk vs. Accounts manager vs. End users
  • 16. Database/Application Security • Ensure that only authenticated users can access the system • And can access (read/update) only data/interfaces that they are authorized to access
  • 17. How to protect database • To protect database against these types of 4 kinds of countermeasures can be implemented: – Access control – Inference control – Flow control – Encryption
  • 18. Conclusion • Thank you my Honorable Teacher for giving me the privilege for this Presentation……… • Any questions?????