Showing 26 results for: Database Security ×

Database Security Knowledgebase Update 5.04

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.04 includes new checks for SAP (Sybase) ASE, Microsoft SQL Server, MySQL and Oracle, and updated checks for Microsoft SQL Server. New Vulnerability and Configuration Check Highlights SAP...

SAP ASE file creation vulnerability (CVE-2016-6196)

Recently SAP released a patch for an Adaptive Server Enterprise vulnerability that allows legitimate database users to create files on disk where the server process can write to. This is useful when doing a chained database attack - first create...

Database Security Knowledgebase Update 5.03

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.00 includes new checks for Microsoft SQL Server, MySQL, Oracle and Teradata and new CIS policies for MySQL v1.0.2 and Oracle 11gR2 v2.0.0. New Vulnerability and Configuration Check...

Database Security Knowledgebase Update 5.02

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.02 includes new checks for Microsoft SQL Server and SAP (Sybase) ASE New Vulnerability and Configuration Check Highlights Microsoft SQL Server Orphaned users Examines for orphaned users. Risk:...

About SAP ASE DSAM SQL Injection (CVE-2016-4013)

SAP introduced a new feature in SP02 for Adaptive Server Enterprise 16.0 that provides support for Data Store Access Management (DSAM). This is perfect example of new functionality introducing new vulnerabilities. The new DSAM implementation suffers from an SQL injection...

Database Security Knowledgebase Update 5.01

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.01 includes new checks for MySQL, Oracle and SAP (Sybase) ASE and updated checks for MySQL and SAP (Sybase) ASE. New Vulnerability and Configuration Check Highlights MySQL Critical...

Database Security Knowledgebase Update 5.00

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.00 includes new checks for Microsoft SQL Server, MySQL, Oracle and Teradata and new CIS policies for MySQL v1.0.2 and Oracle 11gR2 v2.0.0. New Vulnerability and Configuration Check...

AppDetectivePRO and DbProtect Knowledgebase Update 4.54

This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now available. Knowledgebase version 4.54 includes new support for SAP (Sybase) Adaptive Server Enterprise (ASE) version 16.0, a new check for Oracle Database encryption, updated checks for SAP (Sybase) ASE...

AppDetectivePRO and DbProtect Knowledgebase Update 4.53

This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now available. Knowledgebase version 4.53 includes new checks for Microsoft SQL Server, MySQL and Oracle Database, as well as, updated checks for IBM DB2 for Linux, UNIX and Windows (LUW)...

Debugging SAP ASE .NET Provider Issues

I've recently been chasing a bug that made it impossible to call one built-in stored procedure within SAP Adaptive Server Enterprise (ASE) .NET provider. The procedure in question is sp_loginconfig which exists only on ASE running on Windows platforms. If...

AppDetectivePRO and DbProtect Knowledgebase Update 4.52

This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now available. Knowledgebase version 4.52 includes new and/or updated checks for vulnerabilities in MySQL, Oracle Database and SAP (Sybase) ASE, as well as, new policies regarding security configuration benchmarks from...

AppDetectivePRO and DbProtect Knowledgebase Update 4.50

This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now available. Knowledgebase version 4.50 includes new and/or updated checks for vulnerabilities in SAP (Sybase) ASE, Microsoft Azure SQL Database, Oracle Database, Hadoop and MySQL. New Vulnerability and Configuration Check...

Changes in Oracle Database 12c password hashes

Oracle has made improvements to user password hashes within Oracle Database 12c. By using a PBKDF2-based SHA512 hashing algorithm, instead of simple SHA1 hash, password hashing is more secure. With this post, I'll explain some of the changes and their...