Hacking Database Servers

Guarding Against SQL Server Attacks: Hacking, Cracking, and Protection Techniques

Hacking Database Servers Internet Security Whitepapers

In this information age, the data server has become the heart of a company. This one piece of software controls the rhythm of most organizations and is used to pump information lifeblood through the arteries of the network. Because of the critical nature of this application, the data server is also the one of the most popular targets for hackers. If a hacker owns this application, he can cause the company's "heart" to suffer a fatal arrest.

Hacking Database Network Protocols

Hacking Database Servers Internet Security Whitepapers

Database servers today are the most critical assets of an organization. In recent years, these servers have become the target of hackers employing three types of attack techniques: low level network attacks against the operating system that hosts the database server, SQL injection attacks through application servers and direct SQL based attacks. All techniques have been widely explored and studied and commercial tools are available to protect databases against such techniques. As a consequence hackers have started to explore a new technique – network level attacks against the protocol used by the database server.

Hacking Databases for Owning your Data

Hacking Database Servers Internet Security Whitepapers System Hacking

Data theft is becoming a major threat, criminals have identified where the money is. In the last years many databases from fortune 500 companies were compromised causing lots of money losses. This paper will discuss the data theft problem focusing on database attacks, we will show actual information about how serious the data theft problem is, we will explain why you should care about database security and common attacks will be described, the main part of the paper will be the demonstration of unknown and not well known attacks that can be used or are being used by criminals to easily steal data from your databases, we will focus on most used database servers: MS SQL Server and Oracle Database, it will be showed how to steal a complete database from Internet, how to steal data using a database rootkit and backdoor and some advanced database 0day exploits. We will demonstrate that compromising databases is not big deal if they haven't been properly secured. Also it will be discussed how to protect against attacks so you can improve database security at your site.

Hacking Exposed: Hacking SQL Server

Hacking Database Servers Internet Security Whitepapers

Hacking into web servers and replacing home pages with pictures of scantily clad females and clever, self-ingratiating quips is all fine and dandy, but what can we do about hackers intent on doing more than defacing a few pages? Sooner or later you’ll be up against an opponent intent on taking your most valuable assets either for spite or profit. What could be more valuable than the information locked deep in the bowels of your database? Employee records, customer accounts, passwords, credit card information-it's all there for the taking.

Introduction to SQL Injection Attacks for Oracle Developers

Hacking Database Servers Internet Security Whitepapers

SQL injection is a basic attack used to either gain unauthorized access to a database or to retrieve information directly from the database. The principles behind a SQL injection are simple and these types of attacks are easy to execute and master. Most application developers underestimate the risk of SQL injections attacks against web applications that use Oracle as the back-end database. Our audits of custom web applications show many application developers do not fully understand the risk of SQL injection attacks and simple techniques used to prevent such attacks.

Vulnerability Assessment: The Right Tools to Protect Your Critical Data

Hacking Database Servers Internet Security Whitepapers

Over the last several years, Vulnerability Assessment (VA) has become one of the hottest fields within the computer security market. VA tools are designed to detect and report on security holes within various software applications, allowing organizations to take corrective actions before a devastating attack occurs. Due to the reduction in “time to exploit” once a new vulnerability reaches the public domain, and the regulatory pressures imposed on businesses within a variety of verticals, the need for reliable vulnerability assessment has never been greater. Unfortunately, the environment in which software applications are developed today is largely driven by schedule and features, rather then stability or security. This situation has led to corporate networking being ripe with vulnerabilities there for the picking, and the software vendors are doing very little to remedy the situation. Risks to corporate applications are further exacerbated by overburdened and understaffed IT departments.