Methods to secure databases against vulnerabilities
Authors
Sloan, Jonathan P.
Advisors
Otani, Thomas
Second Readers
Gondree, Mark
Subjects
database
security
injection
encryption
authentication
authorization
MySQL
MongoDB
Cassandra
security
injection
encryption
authentication
authorization
MySQL
MongoDB
Cassandra
Date of Issue
2015-12
Date
Publisher
Monterey, CA; Naval Postgraduate School
Language
Abstract
Many commercial and government organizations utilize some form of proprietary or open source database management system. Recent history shows security incidents involving database management system vulnerabilities resulting in the compromise of personal information for millions of people. This thesis identifies common vulnerabilities affecting database management systems: injection, misconfigured databases, HTTP interfaces, encryption, and authentication and authorization. This thesis also examines three open source database management systems: MySQL, MongoDB, and Cassandra. We test each against the aforementioned vulnerabilities and provide recommendations to mitigate the vulnerabilities.
Type
Thesis
Description
Series/Report No
Department
Organization
Identifiers
NPS Report Number
Sponsors
Funding
Format
Citation
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.