Saturday, December 17, 2005

Database Threats

• Password Compromised – same as brute force, or username/password hard-coded in code

• SQL Injection - attacker uses poorly designed input validation routines to create or alter SQL commands to gain access to unintended data or execute commands.Access with Elevated Privileges – incorrect configuration leads to access with higher-than-expected privileges

No comments:

Post a Comment