What are the countermeasures against database attacks?

Home / Hacking, News, Security / What are the countermeasures against database attacks?

September 14, 2008 PlanetCreator 0 Comments 0 tags

The following are the countermeasures against database attacks:

* Input Sanitization: The Database Administrator must sanitize any input received from a user. The data submitted should be checked for data type (integer, string, and so on) and stripped of any undesirable characters, such as meta-characters.
* Adherence to strong firewall rules: Be sure to check firewall rules from time to time and always block any database access ports, such as TCP and UDP 1434 (MS SQL) and TCP 1521-1530 (Oracle).
* Modification of error reports: To avoid a SQL injection, the developer should handle or configure error reports in such a way that the error is not visible to outside users. In these error reports, a full query is sometimes shown, pointing to the syntax error involved, and the attacker could use it for further attacks. A display of errors should be restricted only to internal users.
* Stored procedure removal: Be sure to remove all stored procedures (including extended stored procedures) from the entire database. These seemingly innocent scripts can help an attacker topple even the most secure databases.
* Session encryption: When a database server is separate from a Web server, be sure to encrypt the session stream using any method, such as using IPSec native to Windows 2000.
* Least privilege: The default system account (sa) for SQL Server 2000 should never be used.
* Escape quotes: Replace all single quotes with two single quotes.

Explore More

Is your IP Leaking? Find out here

The first link shows your IP.http://www.whatismyip.com/This site will show more information like your town…http://www.geobytes.com/IpLocator.htm?GetLocationIf you pass this test your Proxys / Programs are doing their job…https://grc.com/x/ne.dll?bh0bkyd2 Privacy Check – checks

LFI Scanner By GlaDiaT0R

#!/usr/bin/perl #LFI Scanner By GlaDiaT0R #My Mail: the_gl4di4t0r[AT]hotmail[DOT]com #Home Page: DarkGh0st.Com #Greetz To Boomrang_victim, Marwen_Neo & All Tunisian Hackers #www.darkgh0st.net #www.tunisian-power.net More Info http://www.planetcreator.net/planetcreator/perls.php?id=37

What’s Next for Virtualization: Optimizing the Environment

As the server virtualization market continues to mature and more companies adopt server virtualization as a standard within their environments, the concerns and questions we hear day to day about

[webapps] Flowise 3.0.4 - Remote Code Execution (RCE)
on October 31, 2025 at 12:00 am
Flowise 3.0.4 - Remote Code Execution (RCE)
[webapps] Casdoor 2.95.0 - Cross-Site Request Forgery (CSRF)
on October 29, 2025 at 12:00 am
Casdoor 2.95.0 - Cross-Site Request Forgery (CSRF)
[local] Mbed TLS 3.6.4 - Use-After-Free
on September 16, 2025 at 12:00 am
Mbed TLS 3.6.4 - Use-After-Free
[webapps] Concrete CMS 9.4.3 - Stored XSS
on September 16, 2025 at 12:00 am
Concrete CMS 9.4.3 - Stored XSS
[webapps] XWiki Platform 15.10.10 - Metasploit Module for Remote Code Execution (RCE)
on September 16, 2025 at 12:00 am
XWiki Platform 15.10.10 - Metasploit Module for Remote Code Execution (RCE)