
Web Database Security

Traditionally, databases have been secured largely through measures on the hosting server and at the network level, such as firewalls and network-based intrusion detection systems. As networks are increasingly opened to wider Internet access, databases need more security control at the application layer as well.

Attack Surfaces

  • Stored data 
  • Web applications using the data
  • Stored functions
  • DBMS (database server)
  • Associated network links

Security Risks

  • Unauthorized or unintended activity or misuse
  • Malware infections 
  • Overloads
  • Physical damage 
  • Design flaws and programming bugs 
  • Data corruption and/or loss 

Impacts on Data

  • Confidentiality
  • Integrity
  • Availability 

Defense Measures

  • Separation: between the database server and the Web server
  • Access control: at the network layer, the application layer, and the data layer
  • Auditing: monitoring and logging file access and database transactions for traceability, auditability, and non-repudiation
  • Data validation: whitelisting, blacklisting, sanitization
  • Encryption: data, files, backups
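The data-validation and auditing measures above are easiest to see in code. The following is an added example, not part of the original page: it puts an allowlist (whitelist) check, a blocklist check shown for contrast, and a parameterized query side by side with a string-concatenated query, and keeps a small audit trail of what was executed. The `users` table, its three rows, the username pattern, and all function names are constructed for the example; it runs offline against an in-memory SQLite database.

```python
import re
import sqlite3

# Constructed sample data: a tiny users table standing in for the
# web application's backing database (not real accounts).
SAMPLE_USERS = [
    ("alice", "alice@example.com", "user"),
    ("bob", "bob@example.com", "user"),
    ("carol", "carol@example.com", "admin"),
]

# Whitelisting: the only shapes a username may take. Anything else is rejected
# before it reaches the database layer. (Pattern is an assumption for the example.)
USERNAME_ALLOWLIST = re.compile(r"^[a-z][a-z0-9_]{2,31}$")

# Blacklisting: a list of SQL metacharacters to refuse. Shown for contrast only;
# it is a backstop at best, because it enumerates bad input instead of good input.
BLOCKLIST = ("'", '"', ";", "--", "/*")

# Auditing: an in-memory stand-in for the log a real deployment would write.
AUDIT_LOG = []


def open_db():
    """Create the in-memory database and load the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def is_allowed_username(value):
    """Allowlist check: True only if the value matches the permitted pattern."""
    return bool(USERNAME_ALLOWLIST.match(value))


def passes_blocklist(value):
    """Blocklist check: True if none of the listed tokens appear in the value."""
    return not any(token in value for token in BLOCKLIST)


def lookup_unsafe(conn, name):
    """The pattern to avoid: untrusted input concatenated into the SQL text.

    Any quote in `name` changes the structure of the statement, so the
    database can no longer tell data from code.
    """
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    AUDIT_LOG.append(("unsafe", sql))
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Hardened version: validate against the allowlist, then bind the value.

    The `?` placeholder sends the value separately from the statement, so it
    can only ever be compared as data. Rejected input is logged for auditing.
    """
    if not is_allowed_username(name):
        AUDIT_LOG.append(("rejected", name))
        raise ValueError("username failed allowlist validation")
    sql = "SELECT name, role FROM users WHERE name = ?"
    AUDIT_LOG.append(("safe", sql, name))
    return conn.execute(sql, (name,)).fetchall()


if __name__ == "__main__":
    db = open_db()
    payload = "' OR '1'='1"  # constructed input that subverts the concatenated query
    print("unsafe lookup returns", len(lookup_unsafe(db, payload)), "rows")
    print("safe lookup for alice:", lookup_safe(db, "alice"))
    try:
        lookup_safe(db, payload)
    except ValueError as exc:
        print("safe lookup rejected payload:", exc)
    print("blocklist passes '1 OR 1=1':", passes_blocklist("1 OR 1=1"))
    print("allowlist passes '1 OR 1=1':", is_allowed_username("1 OR 1=1"))
    for entry in AUDIT_LOG:
        print("audit:", entry)
```

Running the script shows the concatenated query returning every row for the constructed input while the parameterized version either answers only for a valid name or refuses the input outright. The last two lines illustrate why the page lists whitelisting first: `1 OR 1=1` contains none of the blocklisted tokens and would slip through a blocklist in a numeric context, but it fails the allowlist because it is not the shape of a username. Parameter binding is the sanitization step; the allowlist keeps bad input out of the data layer entirely, and the audit entries give the traceability the Auditing bullet asks for.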

Resources