Showing 23 results for: Database Security

Helping to Secure your PostgreSQL Database

When big high-tech companies like Apple, Red Hat and Cisco use PostgreSQL in their data infrastructure, you can be certain that PostgreSQL ranks up there with the bigger relational database managers. PostgreSQL is an enterprise-level open source database that has...

Protecting Yourself from MongoDB Ransomware

In the realm of malware, ransomware has been king for the last few years, compromising unsecured hosts and kindly requesting payment from their rightful owners. Back in January 2017, an attacker extended the concept to MongoDB and was hitting unsecured...

Raiding the Piggy Bank: Webshell Secrets Revealed

Introduction: A recent investigation into credit card fraud that was enabled by a webshell revealed several interesting methods used by the attacker. These methods are the subject of this blog, as well as providing some suggestions on what E-commerce companies...

SAP ASE file creation vulnerability (CVE-2016-6196)

Recently SAP released a patch for an Adaptive Server Enterprise vulnerability that allows legitimate database users to create files on disk where the server process can write to. This is useful when doing a chained database attack - first create...

About SAP ASE DSAM SQL Injection (CVE-2016-4013)

SAP introduced a new feature in SP02 for Adaptive Server Enterprise 16.0 that provides support for Data Store Access Management (DSAM). This is a perfect example of new functionality introducing new vulnerabilities. The new DSAM implementation suffers from an SQL injection...

Database Security Knowledgebase Update 5.01

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.01 includes new checks for MySQL, Oracle and SAP (Sybase) ASE and updated checks for MySQL and SAP (Sybase) ASE. New Vulnerability and Configuration Check Highlights MySQL Critical...

AppDetectivePRO and DbProtect Knowledgebase Update 4.54

This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now available. Knowledgebase version 4.54 includes new support for SAP (Sybase) Adaptive Server Enterprise (ASE) version 16.0, a new check for Oracle Database encryption, updated checks for SAP (Sybase) ASE...

Debugging SAP ASE .NET Provider Issues

I've recently been chasing a bug that made it impossible to call one built-in stored procedure within SAP Adaptive Server Enterprise (ASE) .NET provider. The procedure in question is sp_loginconfig which exists only on ASE running on Windows platforms. If...

AppDetectivePRO and DbProtect Knowledgebase Update 4.50

This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now available. Knowledgebase version 4.50 includes new and/or updated checks for vulnerabilities in SAP (Sybase) ASE, Microsoft Azure SQL Database, Oracle Database, Hadoop and MySQL. New Vulnerability and Configuration Check...

Changes in Oracle Database 12c password hashes

Oracle has made improvements to user password hashes within Oracle Database 12c. By using a PBKDF2-based SHA512 hashing algorithm, instead of a simple SHA1 hash, password hashing is more secure. With this post, I'll explain some of the changes and their...