Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Database Security posted in October 2009
SAP, Nokia Partner On Mobile Security
News  |  10/27/2009  | 
With the joint venture's technology, prescription drugs, software, and other goods could be tagged with smart barcodes to protect them from counterfeiting.
The ABCs Of DAM
Commentary  |  10/26/2009  | 
Database activity monitoring (DAM) has been the biggest advancement in database security in the past decade. Identity management controls access, and encryption protects data on media, but monitoring verifies usage.
E-Health Records Put Patient Privacy At Risk
News  |  10/20/2009  | 
Healthcare IT managers say their organizations aren't adequately protecting electronic health records, survey says.
Laptop Theft Nets Data On 800,000 Doctors
News  |  10/15/2009  | 
The stolen laptop contained personal data on nearly every physician in the country.
Getting Around Vertical Database Security
Commentary  |  10/14/2009  | 
A few database administrators told me they wanted to know why database security is vertical and how they can fix it. True, database access controls are vertical. The basic construct of a database is a table, and access controls grant access to tables or columns. This means you can see all of the entries from top to bottom, or none at all. Access is vertical and it lacks granularity.
Avoiding Database Audit Pitfalls
Commentary  |  10/8/2009  | 
Many seasoned database administrators howl in protest at the mere suggestion of running native auditing functions due to the poor performance and log management headaches that often come with auditing.
Database Auditing Essentials
Commentary  |  10/5/2009  | 
Auditing database activity is a core component to any data security program. Databases capture data access and alterations during transaction processing, along with modifications to the database system. These actions are captured and written into an audit log that is managed by the database internally. The audit log is the most accurate source of events because it's the database that acts as the arbiter to ensure transactional consistency and data integrity.
A Weapon Against SQL Injection
Commentary  |  10/2/2009  | 
The single most common database security inquiry I get is, "What's this whole stored procedure parameter thing, and how does it help with SQL injection?"
Dark Reading's Database Security Tech Center Refresh
Commentary  |  10/1/2009  | 
The Dark Reading Database Security Tech Center is expanding. The subsite, devoted to bringing you news, product information, opinion, and analysis all focused on the very timely topic of database security, has been well-received by our readers since its launch in June, so we're adding two new elements to provide even more depth of coverage: a new blogger dedicated to database security, and new monthly feature articles that drill down on the latest database security threats and issues.


When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-22166
PUBLISHED: 2021-01-15
An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method
CVE-2021-22167
PUBLISHED: 2021-01-15
An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers in specific project page allows attacker to have a temporary read access to the private repository
CVE-2021-22168
PUBLISHED: 2021-01-15
A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8.
CVE-2021-22171
PUBLISHED: 2021-01-15
Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link
CVE-2020-26414
PUBLISHED: 2021-01-15
An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string.