Tag: Database security

Difference between Oracle’s Exadata and Exalogic

Oracle Exadata (Oracle Exadata Database Machine) is strictly a data processing solution offered by Oracle. Initially conceived and promoted as a solution for mainly large data warehouse data load processing, Oracle now boldly proclaims that Exadata is suitable for high concurrency OLTP applications as well.

How to Avoid a Giant Security Breach

Security breaches are bad news, for everyone involved. Some companies don’t come back from them – others take years to gain their reputation back, not to mention the huge costs of upgrading the network to prevent it from happening again. Miro’s security expert Sam Alapati just published a Front IT Blog on ITInsideronline about preventing such a breach. He offers some really simple, yet important, tips for securing your organization. Check it out!

Data Encryption Following Recent Security Breaches

Following the numerous recent security breaches in the news, many organizations are considering the need to encrypt their enterprise data, especially sensitive data that contains personally identifiable information (Social Security Numbers are a good example) and financial information such as credit card numbers. With Oracle, we suggest Oracle Encryption using the Oracle Advanced Security Option. The ASO Option is a straightforward, no-code solution for data encryption to protect data throughout its life cycle. Implementing ASO is fairly easy, and […]

OWASP Top Ten Web Application Vulnerabilities #6: Security Misconfiguration

Security misconfigurations of key application stack components such as the operating system, the web server and the application server are all potential gateways to attacks. Unfortunately for us, most security configuration vulnerabilities are not rocket science; they’re out there for everybody to learn and use (or misuse). Security Misconfiguration is also a way for privileged insiders to hide their malicious activity against their firm’s systems. Usually a security misconfiguration will compromise just some part of the system, but […]

OWASP Top Ten Web Application Vulnerabilities #3: Insecure Direct Object References

Insecure Direct Object References seems a pretty unwieldy term, but the way it compromises a web application is pretty straightforward. The attacker is usually an authorized system user, who simply modifies a parameter value that directly refers to a system object so it refers to another system object for which the attacker has no authorization. Potentially, an attack using this technique can compromise all data that the new parameter can reference. The root of this type of web application vulnerability […]

US-CERT Cyber Security Alerts

US-CERT is a U.S. government agency that provides response support and defense against cyber attacks. US-CERT is part of the National Cyber Security Division (NCSD) at the Department of Homeland Security (DHS). Although US-CERT’s goal is to support government agencies in defending themselves against cyber attacks, the agency disseminates cyber security information to governments, industry and the public, free of cost. You can receive regular mailing lists of known vulnerabilities from US-CERT by going to http://www.us-cert.gov/ and enrolling in their […]

OWASP Top Ten Web Application Vulnerabilities #4: Cross-Site Request Forgery (CSRF)

Cross-site request forgery, or CSRF, is a type of web application vulnerability wherein hackers trick authenticated users of your websites into submitting information to a web application on behalf of the hacker without the legitimate user being aware of the fact. What the CSRF attack does is trick the legitimate user into loading a hacker’s web page that uses the legitimate user’s credentials to perform malicious actions, masquerading as the user. For example, a successful CSRF attack will enable […]
