The firm's list of the database software issues that cause the most security vulnerabilities is as follows:
* Buffer overflows in processes that listen on well known TCP/UDP ports
* SQL Injection via the web front end of the database
* Databases running in default configuration with default usernames and passwords
* Databases running with weak passwords for privileged accounts
For example: Microsoft SQL Server can be accessed via TCP port 1433, Oracle via TCP port 1521, IBM DB2 via ports 523 and 50000 and up, MySQL via TCP port 3306, and PostgreSQL via TCP port 5432.
# Oracle Security Alerts
# MySQL
# PostgreSQL
# Microsoft SQL
# IBM DB2
SANS Reading Room on Database Security
* http://www.sans.org/rr/catindex.php?cat_id=3
Oracle
SANS Comprehensive Security Checklist for Oracle
* http://www.sans.org/score/oraclechecklist.php
* https://store.sans.org/store_item.php?item=80
CIS Oracle Benchmark Tool
* http://www.cisecurity.org/bench_oracle.html
Oracle security information can be found at
* http://www.petefinnigan.com/orasec.htm
* http://otn.oracle.com/deploy/security/index.html
MySQL
SecurityFocus step-by-step guide to securing MySQL
* http://www.securityfocus.com/infocus/1726
MySQL Security
* http://dev.mysql.com/doc/mysql/en/Security.html
PostgreSQL Security Guide
* http://www.postgresql.org/docs/7/int.../security.html
Microsoft SQL Security Guide
* http://www.microsoft.com/sql/techinf...y/default.mspx
IBM DB2
* http://www.net-security.org/dl/artic...ng_IBM_DB2.pdf
Source: Sans.Org