The following are the countermeasures against database attacks:

* Input Sanitization: The Database Administrator must sanitize any input received from a user. The data submitted should be checked for data type (integer, string, and so on) and stripped of any undesirable characters, such as meta-characters.
* Adherence to strong firewall rules: Be sure to check firewall rules from time to time and always block any database access ports, such as TCP and UDP 1434 (MS SQL) and TCP 1521-1530 (Oracle).
* Modification of error reports: To avoid a SQL injection, the developer should handle or configure error reports in such a way that the error is not visible to outside users. In these error reports, a full query is sometimes shown, pointing to the syntax error involved, and the attacker could use it for further attacks. A display of errors should be restricted only to internal users.
* Stored procedure removal: Be sure to remove all stored procedures (including extended stored procedures) from the entire database. These seemingly innocent scripts can help an attacker topple even the most secure databases.
* Session encryption: When a database server is separate from a Web server, be sure to encrypt the session stream using any method, such as using IPSec native to Windows 2000.
* Least privilege: The default system account (sa) for SQL Server 2000 should never be used.
* Escape quotes: Replace all single quotes with two single quotes.

Explore More

Critical persistent xss vulnerabilities at IPAY : Myanmar Online payment Official Site

This evening, I found a fascinated  big bill board “IPAY” http://www.ipay.com.mm at Thamine Junction, Yangon, Myanmar. Then, I said my friend “googl3group” about it, and said  “NO XSS, NO SQL

What are the various modes of system security testing?

The various modes of system security testing are as follows: 1. Remote network: This mode attempts to simulate an attack launched over the Internet. The primary defenses that must be

More Trojan horse for Apple Mac! Is Mac more insecure than windows?

One more malware have been spotted for the Apple Mac machine. This time Trojan.iServices.B which gets into the system, open the backdoor in Mac machines and connect them to a