This post continues a series of educational video demonstrations on Web application and database attacks. This video focuses on database privilege abuse, which is generally associated with careless, negligent or malicious insiders (employees, partners, consultants). The example shows a direct database attack that does not go through a Web application. An insider can decompile a fat desktop Java client to glean credential information, allowing him to access the database directly with elevated privileges. By using the application's credentials for database access rather than his own, he could operate with the privileges granted to the Java application.
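One way to check for the behaviour described above is to review database session records for the application's account being used from anything other than the application itself. The sketch below is an added example, not part of the video or the original post; the account name, program names, hosts and record fields are all hypothetical, and the sample sessions are constructed.

```python
from dataclasses import dataclass

# Assumed baseline (hypothetical names): the shared application account and
# the only client program expected to authenticate with it.
APP_ACCOUNT = "orders_app"
EXPECTED_PROGRAMS = {"orders-client.jar"}

@dataclass(frozen=True)
class Session:
    db_user: str   # database account used to authenticate
    os_user: str   # operating-system user reported by the client
    host: str      # client workstation
    program: str   # client program name (client-reported, so only a heuristic)

def flag_app_credential_reuse(sessions):
    """Return (session, reasons) pairs where the application account is used
    outside the application client."""
    # Personal database accounts seen per (host, os_user) pair.
    personal = {}
    for s in sessions:
        if s.db_user != APP_ACCOUNT:
            personal.setdefault((s.host, s.os_user), set()).add(s.db_user)

    findings = []
    for s in sessions:
        if s.db_user != APP_ACCOUNT or s.program.lower() in EXPECTED_PROGRAMS:
            continue
        reasons = [f"{APP_ACCOUNT} used from unexpected program {s.program}"]
        own = personal.get((s.host, s.os_user))
        if own:
            # The person has their own login but chose the application's.
            reasons.append("same user also holds personal account(s): "
                           + ", ".join(sorted(own)))
        findings.append((s, reasons))
    return findings

# Constructed sample session records, not taken from any real audit log.
SAMPLE = [
    Session("orders_app", "alice", "ws-014", "orders-client.jar"),
    Session("bob", "bob", "ws-022", "sql-console"),
    Session("orders_app", "bob", "ws-022", "sql-console"),
    Session("orders_app", "carol", "ws-031", "orders-client.jar"),
]

if __name__ == "__main__":
    for session, reasons in flag_app_credential_reuse(SAMPLE):
        print(session.host, session.os_user, "; ".join(reasons))
```

Because the program name is supplied by the client, a match against the baseline does not prove the session came from the real application; a mismatch is the useful signal.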
October 01, 2009
