Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Databases

Default Permissions in SQL Server Public Role - permission not granted

In an SQL Server, roles act like security groups that control what users can do within the database environment. The roles designate the access groups determining who can access specific databases and what they can do with the data within those databases. The public role is a special database role that everyone is assigned by default when they become a member of a database. By default, the public role has very limited permissions, often no permissions at all.

The Public Role in the MSDB Database, No Proxies Allowed

SQL Agent proxies are a form of built-in service that allows the schedule and running of automated tasks within SQL Server. These tasks can perform various actions related to database management. The msdb database is a crucial system database in Microsoft SQL Server which primarily serves SQL server agents. These databases store information related to SQL Agent jobs, including their configuration, execution history, vital system tables and data.

How Trustwave Protects Your Databases in the Wake of Recent Healthcare Data Breaches

The recent cyberattack on Ascension Medical, Change Healthcare and several UK hospitals is a stark reminder of the vulnerabilities within the healthcare sector. The May 8, 2024, attack disrupted access to Electronic Health Records (EHR) for two weeks across Ascension's 140-hospital system, forced some hospitals to divert ambulances and rely on manual record-keeping, and has led to patient class-action lawsuits regarding potential data exposure.

How to Install Microsoft SQL Server

SQL Server is a widely used relational database management system (RDBMS) developed by Microsoft. It provides secure, scalable and high-performance storage and management of structured and unstructured data. SQL Server offers a wide range of features and tools for database administration, development, business intelligence and advanced analytics.

SQL Server Orphaned Users - Detection and Remediation Steps

Orphaned users SQL Server arise when a database user is associated with a login in the master database that no longer exists and should be removed. This situation can happen when the login is removed or when the database is transferred to a different server lacking the corresponding login. The SQL Server logins existing on a server instance can be seen through the sys.server_principals catalog view and the sys.sql_logins compatibility view.

Account Takeover, SQL Injection and DDoS Attack Simulation on APIs

Overview: According to TechTarget, 94% of organizations experience security problems in production APIs, and one in five suffers a data breach. The primary reason is that most tech leaders assume that having a strong authentication and authorisation framework is enough to secure APIs. As a result, cyberattacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise. Join Karthik Krishnamoorthy, CTO and Vivekanand Gopalan Gopalan, VP of Products at Indusface, in this webinar as they demonstrate how APIs can be hacked.

Mastering SQL Injection : A Comprehensive Guide to SQL Map

In this video we will learn about one of the most prevalent database threats today, SQL Injection attack which is a common method used by hackers to exploit vulnerabilities in web applications that interact with databases. Join us as we explore the inner workings of this malicious technique and understand how SQLMAP Tool, a powerful open-source penetration testing tool can be used to protect your data. With step-by-step examples and demonstrations, we will show how to install SQLMAP and take countermeasures.

Ad Hoc Distributed Queries - SQL Server

An ad-hoc query is an unscheduled data inquiry, typically created in response to questions that cannot be addressed using predetermined or predefined datasets. Ad hoc distributed queries utilize the OPENROWSET(Transact-SQL) and OPENDATASOURCE(Transact-SQL) functions for establishing connections with remote data sources employing OLE DB. It’s advisable to employ OPENROWSET and OPENDATASOURCE solely for referencing OLE DB data sources that are accessed on an occasional basis.

How To Securely Manage Database Access for Remote Users

The best way to securely manage database access for remote users is by using a Privileged Access Management (PAM) solution. PAM solutions provide full visibility and control over database access to prevent privilege misuse, reducing the likelihood of an insider threat harming your organization.