Security | Threat Detection | Cyberattacks | DevSecOps | Compliance


Ad Hoc Distributed Queries - SQL Server

An ad-hoc query is an unscheduled data inquiry, typically created in response to questions that cannot be addressed using predetermined or predefined datasets. Ad hoc distributed queries utilize the OPENROWSET(Transact-SQL) and OPENDATASOURCE(Transact-SQL) functions for establishing connections with remote data sources employing OLE DB. It’s advisable to employ OPENROWSET and OPENDATASOURCE solely for referencing OLE DB data sources that are accessed on an occasional basis.

How To Securely Manage Database Access for Remote Users

The best way to securely manage database access for remote users is by using a Privileged Access Management (PAM) solution. PAM solutions provide full visibility and control over database access to prevent privilege misuse, reducing the likelihood of an insider threat harming your organization.

Enhance MongoDB Security for Atlas With Scalable Tenant Isolation

As a company building a SaaS security product, our inherent culture is not only focused on building best of breed security products for our users, but also ensuring that our systems, practices and workflows are engineered to support a continuously evolving threat landscape, and to protect our users’ data. We’ve written about our design for tenant isolation for our serverless based architecture in the past, and practical methods to avoid data leakage between clients.

Apache Superset - Database Data Retrieval Through Improper Error Handling

Anastasios Stasinopoulos from OBRELA LABS Team discovered a security flaw that affects Apache Superset (before 3.0.4, from 3.1.0 before 3.1.1), an open-source modern data exploration and visualization platform. Apache Superset error handling can be manipulated in order to allow data retrieval from the backend database.

How to Install PostgreSQL 16 on RHEL 9

PostgreSQL is one of the leading and widely used open source relational database management systems (RDBMS) that stores structured data in tables, just like MySQL. It is used by developers in their tech stacks and even by large enterprises and corporations to store website and application data. PostgreSQL uses SQL query language to store and manipulate data and also provides JSON support.

SQL Server Orphaned Users - An Invisible Threat: Detection and Remediation Steps

Orphaned users in SQL Server arise when a database user is associated with a login in the master database that no longer exists and should be removed. This situation can happen when the login is removed or when the database is transferred to a different server lacking the corresponding login. The SQL Server logins existing on a server instance can be seen through the sys.server_principals catalog view and the sys.sql_logins compatibility view.

Practical Steps to Prevent SQL Injection Vulnerabilities

In today's digital landscape, web applications and APIs are constantly under threat from malicious actors looking to exploit vulnerabilities. A common and dangerous attack is a SQL injection. In this blog, we will explore SQL injection vulnerabilities and attacks, understand their severity levels, and provide practical steps to prevent them. By implementing these best practices, you can enhance the security of your web applications and APIs.

How SQL Server Audit is Your Secret Security Weapon

The SQL Server Audit object gathers individual occurrences of server or database-level actions and sets of actions for monitoring purposes. This audit operates at the SQL Server instance level, allowing for multiple audits per instance. Upon defining an audit, you designate the destination for result output. Before beginning a SQL Server audit pay attention to the limitations and restrictions associated with database audit specifications.

Securing Database Access: DPA Zero Standing Privilege Approach with Native HeidiSQL Utility

In this video, we'll guide you through the process of utilizing CyberArk DPA's capabilities to seamlessly connect to a Postgres database using the HeidiSQL client, leveraging the secure foundation of JIT access approach for enhanced security and efficiency.