Methods to secure databases against vulnerabilities
Sloan, Jonathan P.
MetadataShow full item record
Many commercial and government organizations utilize some form of proprietary or open source database management system. Recent history shows security incidents involving database management system vulnerabilities resulting in the compromise of personal information for millions of people. This thesis identifies common vulnerabilities affecting database management systems: injection, misconfigured databases, HTTP interfaces, encryption, and authentication and authorization. This thesis also examines three open source database management systems: MySQL, MongoDB, and Cassandra. We test each against the aforementioned vulnerabilities and provide recommendations to mitigate the vulnerabilities.
Approved for public release; distribution is unlimited
Showing items related by title, author, creator and subject.
Performance Impact of Connectivity Restrictions and Increased Vulnerability Presence on Automated Attack Graph Generation Cullum, James; Irvine, Cynthia E.; Levin, Tim (International Conference on Warfare and Security (ICIW) Naval Postgraduate School , Monterey, California, USA 8-9 March 2007 pp.33-46, 2007-03-00);The current generation of network vulnerability detection software uses databases of known vulnerabilities and scans target networks for these weaknesses. The results can be voluminous and difficult to assess. Thus, the ...
The Enemy’s Access Denial System: Potential Competitor Exploitation of U. S. Military Vulnerabilities. Harney, Robert C. (Monterey, California: Institute for Joint Warfare Analysis, Naval Postgraduate School, 2000-12); NPS-JW-01-014As part of an experimental approach to “red teaming” that is studying the problem of enemy access denial systems, the author performed a detailed investigation of the vulnerabilities of the U. S. military’s power projection ...
Dobson, Lucas E. (Monterey, California. Naval Postgraduate School, 2010-06);The goal of this thesis is to investigate the security of the Session Initiation Protocol (SIP). This was accomplished by researching previously discovered protocol and implementation vulnerabilities, evaluating the ...