Posts Tagged ‘Database Security’


With hacktivist groups and nation-state attackers increasingly active, data breach incidents are once again hitting the industry headlines. Make sure you are well prepared, with preventive initiatives or systems in place, so that you do not become one of the organizations showcased in the media.

Below is a quick checklist to gauge how ready you are, or which initiatives you need to work on, as part of your overall database defense strategy or for your database security audit, risk and compliance management.

  1. Devise a Database Security Plan (scan with the latest database security scanner to learn your overall security posture in terms of database security risk; you can always contact an E-SPIN consultant for advice on this).
  2. Fix Default, Blank, and Weak Passwords (based on the database security scan and audit results).
  3. Regularly Patch Databases (based on the database security audit recommendations, cross-checked with the database vendor to see whether an up-to-date security patch or fix is available).
  4. Minimize Attack Surface (based on the database security audit; follow its recommendations to make the recommended changes or adopt best practices).
  5. Review User Privileges (based on the user rights review in the database security audit, to get complete insight or detect abnormal user privileges; not all generic or open source database security scanners can perform this, so you need a purpose-built database scanner for an in-depth user rights review).
  6. Locate Sensitive Information (a purpose-built database security scanner will automatically discover which databases contain sensitive information and need special care due to regulatory compliance; with the market-leading commercial database security scanner E-SPIN represents, you can discover it on the fly).
  7. Encrypt Sensitive Data at Rest and In Motion (a good commercial database security scanner can advise, based on your scan results, what should be done or put in place to encrypt data in motion and data retained in the database or storage).
  8. Train and Enforce Corporate Best Practices (use the database security scan results and recommendations to work out standard operating procedures and best practices, attend database security training, or subscribe to E-SPIN's tailor-made database security training class or workshop to gain first-hand experience in performing database security best practices).
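Checklist item 5 (Review User Privileges) comes down to resolving each account's effective privileges, including those inherited through nested roles, and comparing them with what the job requires. The following is an added example, not code from the original post or from any scanner it mentions; the account names, roles, grants and baseline are constructed sample data.

```python
# Constructed sample data, shaped like an export from a database catalog.
ROLE_MEMBERS = {                 # grantee -> roles granted to that grantee
    "alice": {"app_reader"},
    "bob": {"reporting"},
    "reporting": {"app_reader", "dba_legacy"},   # nested role
    "dba_legacy": {"reporting"},                 # cycle: must not loop forever
}
GRANTS = {                       # grantee -> {(privilege, object)}
    "app_reader": {("SELECT", "orders")},
    "reporting": {("SELECT", "customers")},
    "dba_legacy": {("DROP", "orders"), ("SELECT", "payroll")},
    "alice": {("UPDATE", "payroll")},            # direct grant outside any role
}
BASELINE = {                     # user -> privileges the job actually requires
    "alice": {("SELECT", "orders")},
    "bob": {("SELECT", "orders"), ("SELECT", "customers")},
}

def effective_privileges(grantee, members=ROLE_MEMBERS, grants=GRANTS):
    """Union of direct grants and grants inherited through nested roles."""
    seen, stack, privs = set(), [grantee], set()
    while stack:
        current = stack.pop()
        if current in seen:      # guards against cyclic role membership
            continue
        seen.add(current)
        privs |= grants.get(current, set())
        stack.extend(members.get(current, ()))
    return privs

def excess_privileges(user, baseline=BASELINE):
    """Privileges the user holds beyond the least-privilege baseline."""
    return effective_privileges(user) - baseline.get(user, set())

def review(users):
    """Report only the users whose effective rights exceed their baseline."""
    report = {}
    for user in users:
        excess = excess_privileges(user)
        if excess:
            report[user] = sorted(excess)
    return report

if __name__ == "__main__":
    for user, excess in review(["alice", "bob"]).items():
        print(user, "exceeds baseline:", excess)
```

A user with no baseline entry has every effective privilege reported, which surfaces accounts nobody has assigned a job function to.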


E-SPIN Book Professional Reading on Database Security - Database Activity Monitoring, Database Vulnerability Assessment, Auditing and Scanning


If you want access to the full, detailed coverage of the above information, please feel free to subscribe to our free newsletter and get access to the professional reading book on database security. The book covers database activity monitoring, database vulnerability assessment, auditing and scanning, and is absolutely free for subscribers.


In today’s technology world, the importance of database security has grown enormously. Data security has become essential for every individual who connects to and uses the internet daily to transfer data. It is a necessary requirement for every aspect of the operations performed over the internet.

Database Security

Database security is the system that controls access to the database at a certain level. The privacy of data is at risk from unauthorized users, both external sources on the network and internal users within the company itself.

Below are the security risks that IT professionals should be aware of to protect their databases:

i) Privilege Abuse:

When database users hold excessive privileges that exceed the requirements of their job, these privileges can be abused, deliberately or accidentally.

ii) Legitimate Privilege Abuse:

In this attack, a hacker with legitimate privileges to access the database may misuse the information stored in the database for their own purposes.

iii) Operating System vulnerabilities:

Here the hacker exploits vulnerabilities in the operating system to gain unauthorized access to the database for malicious purposes.

iv) SQL Injection

With SQL injection, crafted SQL queries can circumvent access controls, bypassing standard authentication and authorization checks, and can also grant access to host operating system level commands.

v) Lack of Audit Trails

When authentication is weak, hackers can easily gain access to the database by assuming the identity of legitimate users through strategies such as social engineering and brute force.

To find an approach to addressing these security threats that can help your organization meet its database security, compliance and reporting needs, explore the information given below:

Application Security, Inc. (AppSecInc) was founded in 2001 and is recognized as a market-leading provider of database security, risk, and compliance solutions for the enterprise. AppSecInc empowers organizations to protect their most critical database assets.

AppDetectivePro, the leading cross-platform solution for auditors and IT advisors, and DbProtect for the enterprise together deliver the industry’s most comprehensive database security solution.

For more information about AppSecInc AppDetective Pro and how E-SPIN may consult and assist you on your database security requirements, please contact E-SPIN or go to http://e-spincorp.com/espinv3/index.php/application-security
