Two big concerns that exist in ensuring that a database is secure that I have identified and/or learned about include SQL injection and insider threat attacks. SQL injection occurs when an attacker seeks to manipulate input fields with malicious commands that interact with a database. For instance, where a company website lacks input validation, it becomes possible for an attacker to enter commands that result in their viewing, deleting, and/or modifying privileged data such as customer and/or financial information on a website hosted by the company.
Insider threats arise when personnel or contractors abuse their access privileges, either voluntarily or inadvertently. An employee with unnecessary access privileges could copy sensitive information to an unsecured area or accidentally delete files. Even if there are no ill intentions, poor access control could lead to the inadvertent revelation of sensitive information. Both of these problems demonstrate the need for proper input validation, strict access control, and database activities to ensure security and safeguard vital information of the organization.



