Mile2 Cybersecurity Institute

OCU C)ISSO A Discussion Lesson 14

    • #99316
      Manny Varela
      Keymaster

      Database security has many issues.  After reading this chapter and viewing the video, discuss 2 issues that you have experienced or heard about.  Explain the security issue and what happened.  If you have never experienced any of these issues, choose two to explain in detail giving examples of what could happen in an organization.

    • #111673
      Carlos Martes
      Participant

      Database security is important because databases store the most valuable information in an organization, such as customer records, financial data, and internal systems. One common issue is SQL injection, where an attacker sends harmful commands through a website or form. If the system is not properly protected, the attacker can access or even delete the database. This often happens when input fields are not validated. Another major issue is weak access control. Sometimes employees are given more privileges than they need, or old accounts are never removed. This can lead to unauthorized access, accidental data exposure or insider misuse.

      • #112065
        Trae Johnson
        Participant

        I agree with you on SQL injection and poor access control being big risks. I have seen where organizations have lost their customers’ secret information due to forgotten employee accounts, which were never deleted, thus underlining the importance of managing access.
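An added example, not part of any participant's post: a periodic access review that flags the two conditions raised above, accounts that outlived their owner or sit unused, and grants beyond what the role needs. The role baselines, account inventory, staff roster and 90-day idle limit are all constructed assumptions.

```python
from datetime import date

# Constructed role baselines: the privileges each role is assumed to need.
ROLE_BASELINE = {
    "analyst": {"SELECT"},
    "app_service": {"SELECT", "INSERT", "UPDATE"},
    "dba": {"SELECT", "INSERT", "UPDATE", "DELETE", "GRANT"},
}

# Constructed sample inventory of database accounts.
ACCOUNTS = [
    {"user": "jsmith", "role": "analyst", "grants": {"SELECT"},
     "last_login": date(2024, 5, 28)},
    {"user": "mlopez", "role": "analyst", "grants": {"SELECT", "DELETE", "GRANT"},
     "last_login": date(2024, 5, 30)},
    {"user": "old_contractor", "role": "app_service", "grants": {"SELECT", "INSERT"},
     "last_login": date(2023, 11, 2)},
    {"user": "tnguyen", "role": "dba", "grants": {"SELECT", "UPDATE", "GRANT"},
     "last_login": date(2024, 6, 1)},
]

# Constructed roster of people who still work for the organization.
ACTIVE_STAFF = {"jsmith", "mlopez", "tnguyen"}

def review_accounts(accounts, active_staff, today, max_idle_days=90):
    """Return {user: [issues]} for accounts that need attention."""
    findings = {}
    for acct in accounts:
        issues = []
        # Account whose owner has left: should have been disabled at offboarding.
        if acct["user"] not in active_staff:
            issues.append("orphaned: owner not on active roster")
        # Account nobody has used within the idle limit.
        idle = (today - acct["last_login"]).days
        if idle > max_idle_days:
            issues.append(f"stale: idle {idle} days")
        # Grants beyond the role baseline violate least privilege.
        excess = acct["grants"] - ROLE_BASELINE.get(acct["role"], set())
        if excess:
            issues.append("excess: " + ",".join(sorted(excess)))
        if issues:
            findings[acct["user"]] = issues
    return findings

if __name__ == "__main__":
    for user, issues in review_accounts(ACCOUNTS, ACTIVE_STAFF, date(2024, 6, 3)).items():
        print(user, issues)
```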

    • #111731
      Isabelle Tubbs
      Participant

      Because databases are holding a large amount of data in their system, which can potentially be really important and sensitive information, they must be kept secure from outside attacks or internal threats.
      One database issue I have heard of is SQL injecting/cross-site scripting attacks (XSS). This occurs when someone maliciously enters code on a site and allows the attacker to execute commands on the database. The system must be protected from this by using tools that check the information that is put into the system before it is uploaded and used in the database. To do this, it is also important to test the website to make sure its protection is working correctly. In fact, a major second issue with databases is a lack of testing in general. Failing to test a database properly means there could be holes in the software, which would lead it to be vulnerable to attacks. Weaknesses in the system must be found and addressed to prevent anyone else from exploiting it. This should be done early in the process, but it should also be done later by creating patches or updates to the site.

      • #111758
        Mjulius513
        Participant

        Hey Isabelle, you made some great points about why databases need strong protection. SQL injection and XSS are serious threats, and you’re right that checking all input and doing regular security testing helps stop those attacks. I also agree that not testing systems leaves big weaknesses. Keeping the database and software updated with patches is one of the best ways to prevent attackers from using those gaps.

    • #111744
      Mjulius513
      Participant

      Two common issues in database security are insufficient testing before launch and weak security. When organizations hurry to start a new system without proper testing, they often miss vulnerabilities like wrong permissions, missing updates, or unsecured access points. This can lead to users accidentally accessing data they shouldn’t or attackers easily exploiting the system. Another major problem is poor security practices, such as weak password management or bad backups, which make the database vulnerable. If a hacker accesses the system through a weak password or an unprotected account, they can corrupt, delete, or change important data, causing the database to fail and disrupting the organization’s operations. These failures can lead to downtime, financial losses, and damage to trust. Both issues show why organizations need to carefully test and improve their security measures before relying on a database in day-to-day operations.

      • #111767
        Isabelle Tubbs
        Participant

        Hi, Mjulius. You brought up a great point about insufficient testing before launching a system. It can seem tempting to push things early to move along a timeline faster, but not doing the proper testing to ensure security could end up creating greater consequences than taking more time for testing in the first place. Testing early can prevent leaving weaknesses in a security system.

      • #112064
        Trae Johnson
        Participant

        I agree that the risks of insufficient testing and insecure environments are severe. I have witnessed situations where the database had gone live without applying the necessary security patch, making it vulnerable to SQL injection or hacking. Such problems could easily have been avoided through rigorous testing and sound password policies.

    • #111779
      Carlos Martes
      Participant

      Database security issues are serious because a single weakness can expose sensitive information. Common problems include weak access controls and SQL injection attacks, both of which allow unauthorized users to view or manipulate data. These failures can lead to financial loss, damaged reputation, and major disruptions for an organization.

    • #112063
      Trae Johnson
      Participant

      Two big concerns that exist in ensuring that a database is secure that I have identified and/or learned about include SQL injection and insider threat attacks. SQL injection occurs when an attacker seeks to manipulate input fields with malicious commands that interact with a database. For instance, where a company website lacks input validation, it becomes possible for an attacker to enter commands that result in their viewing, deleting, and/or modifying privileged data such as customer and/or financial information on a website hosted by the company.

      Insider threats arise when personnel or contractors abuse their access privileges, either voluntarily or inadvertently. An employee with unnecessary access privileges could copy sensitive information to an unsecured area or accidentally delete files. Even if there are no ill intentions, poor access control could lead to the inadvertent revelation of sensitive information. Both of these problems demonstrate the need for proper input validation, strict access control, and database activities to ensure security and safeguard vital information of the organization.
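An added example, not part of any participant's post: the form-field lookup discussed in this thread, written once with the input pasted into the SQL text and once with a bound parameter. The table, rows and function names are constructed for illustration, and Python's built-in sqlite3 stands in for whatever database the site uses.

```python
import sqlite3

def make_db():
    """In-memory database filled with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (name TEXT, card_last4 TEXT)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice", "1111"), ("bob", "2222"), ("O'Brien", "3333")],
    )
    return conn

def lookup_concatenated(conn, name):
    # Weak form: the field value becomes part of the SQL text, so a quote
    # character in it ends the string literal and the rest is parsed as SQL.
    query = "SELECT name, card_last4 FROM customers WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()

def lookup_parameterized(conn, name):
    # Hardened form: the value is bound to the ? placeholder and is only
    # ever compared as data, whatever characters it contains.
    query = "SELECT name, card_last4 FROM customers WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()

def compare(conn, name):
    """Return (rows or error name from the weak form, rows from the hardened form)."""
    try:
        weak = lookup_concatenated(conn, name)
    except sqlite3.Error as exc:
        weak = type(exc).__name__
    return weak, lookup_parameterized(conn, name)

if __name__ == "__main__":
    db = make_db()
    for value in ["alice", "x' OR '1'='1", "O'Brien"]:
        print(repr(value), compare(db, value))
```

The third input is an ordinary surname: the concatenated query fails on it while the bound query returns the row, so binding fixes correctness as well as security.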
