Cyb 403
CHAPTER 1: INFORMATION SECURITY CONTROLS TO PROTECT DATABASES
1.1 SECURITY RISKS IN DATABASE SYSTEMS.
Database systems are the most important part of any software system or organization because they
store the crucial information on which it runs. Database security is therefore an important branch of
information security, and databases must be carefully protected from attackers. Some of the
attacks on databases are:
(1) SQL injection: This is a common type of attack on SQL databases such as MySQL. It occurs
when an unauthorized user sends malicious input, typically through HTTP requests to the web backend,
that is interpreted as part of a database query, which can give the attacker complete access to the
database. These attacks target relational database management systems (RDBMS) built on the SQL
language (Isla Sibanda, 2022).
(2) Distributed Denial of Service (DDoS): This type of attack occurs when a malicious actor sends a
flood of requests to the server in order to deny access to the system's legitimate users. It may crash
the system or make its functionality unstable. A DDoS attack is a menace to network security that aims
at exhausting the target network with malicious traffic (IEEE, 2019).
(3) Malware: Malware is software built to damage a system's databases. An attacker can deliver it
through one of the hosts connected to the network in order to gain access to the database. Most of
these attacks are carried out for financial ransom.
(4) Weak Audit Trail: An audit trail allows all incidents within a database system to be tracked and
managed. A database system must have an audit trail that gives insight into all activity within the
database, and system users must monitor these trails to ensure that security principles are not
breached. In a verifiable audit trail, the audit protocol is a challenge/response exchange between the
auditor and the file system being audited (Peterson et al., 2007).
(5) Privilege Abuse: When a database system is set up, users are created and granted permissions
based on each user's role in the database. If the login credentials created for the database are not
properly managed, a malicious user who obtains those credentials can gain access (Haber, M. J.
2020).
(6) Unprotected Backup: Database backups help businesses avoid total data loss in case of a fire or a
cyber-attack on the application. If these backups are not properly protected, an unauthorized user can
easily access them, which gives them a way into the main database. In addition, it is advisable to
protect the user passwords stored in the database by hashing them rather than storing them in
plaintext, so that anyone who reads the table cannot learn users' passwords.
(7) Database Default Misconfiguration: The default settings that most database systems ship with must
be fully disabled or changed; leaving them in place makes it easy for attackers to gain access to the
database.
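An added example for item (1) above, not taken from the paper: the same lookup written the way an injection-prone web backend would build it and the way it should be built (a parameterized query). The in-memory SQLite table, the user names and the payload string are all constructed for the demonstration.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the web backend's RDBMS.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, pw_hash TEXT)")
    conn.executemany("INSERT INTO users (username, pw_hash) VALUES (?, ?)",
                     [("alice", "hash-a"), ("bob", "hash-b")])
    return conn

def find_user_vulnerable(conn, username):
    # Vulnerable: the HTTP-supplied value is pasted into the SQL text, so a quote
    # inside it changes the statement's structure instead of being treated as data.
    sql = "SELECT username FROM users WHERE username = '" + username + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]

def find_user_safe(conn, username):
    # Hardened: a parameterized query hands the value to the driver separately from
    # the SQL text, so it can never alter the statement, whatever characters it holds.
    sql = "SELECT username FROM users WHERE username = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (username,))]

def demo():
    conn = make_db()
    normal = "alice"
    hostile = "x' OR '1'='1"   # textbook tautology input, constructed for the demo
    results = {
        "vuln_normal": find_user_vulnerable(conn, normal),    # ["alice"]
        "vuln_hostile": find_user_vulnerable(conn, hostile),  # every row leaks
        "safe_normal": find_user_safe(conn, normal),          # ["alice"]
        "safe_hostile": find_user_safe(conn, hostile),        # no such user: []
    }
    conn.close()
    return results

if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```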
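An added example for item (4) above, not from the paper or from Peterson et al.: a hash-chained audit trail in which each record's hash covers the previous one, with the auditor holding a copy of the latest hash as their half of the challenge/response. The event records and the "insider" edits are constructed for the demonstration; the function names are my own.

```python
import hashlib
import json

GENESIS = "0" * 64  # fixed starting value for the first link of the chain

def _entry_hash(prev_hash, entry):
    # Each hash covers the previous hash, so altering or removing an earlier
    # entry changes every hash that follows it.
    payload = prev_hash + json.dumps(entry, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def append_entry(log, entry):
    # Database side: link the new record to the current head of the chain.
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"entry": entry, "hash": _entry_hash(prev, entry)})
    return log[-1]["hash"]

def verify_log(log, expected_head=None):
    # Auditor side: recompute the chain. Returns the index of the first bad
    # record, len(log) if the chain is self-consistent but does not end at the
    # head the auditor holds, or None if the trail is intact.
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["hash"] != _entry_hash(prev, rec["entry"]):
            return i
        prev = rec["hash"]
    if expected_head is not None and prev != expected_head:
        return len(log)
    return None

def demo():
    # Constructed sample events, as a database audit trail might record them.
    events = [{"user": "alice", "action": "SELECT", "table": "accounts"},
              {"user": "bob", "action": "UPDATE", "table": "accounts"},
              {"user": "bob", "action": "DELETE", "table": "audit_config"}]
    log = []
    for e in events:
        head = append_entry(log, e)
    intact = verify_log(log, head)  # auditor keeps `head` off-host
    # A naive insider edits the DELETE record in place: chain breaks at index 2.
    log[2]["entry"]["action"] = "SELECT"
    edited = verify_log(log, head)
    # A careful insider re-hashes the whole file after editing: internally
    # consistent, but the head no longer matches the auditor's copy.
    rebuilt = []
    for rec in log:
        append_entry(rebuilt, rec["entry"])
    rechained = verify_log(rebuilt, head)
    return intact, edited, rechained
```

Without the off-host head hash the second tampering case would go unnoticed, which is why the auditor's copy matters more than the chain itself.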
1.2 EFFECTIVENESS OF INFORMATION SECURITY CONCEPTS AND TOOLS IN
PROTECTING DATABASES.
Information security is shaped chiefly around the confidentiality, integrity, and availability of the
information in the database. Information stored in databases must be kept confidential, and its
integrity must be assured. In addition, the information must be accessible to the right user whenever it
is queried. Restricting access to the right users also helps preserve the integrity of the information
stored in the database (Huwida 2009).
Building security around the database provides confidentiality for the stored information and lets
system users be confident that the system is secure. It is advisable to deploy multi-factor (MFA) or
two-factor (2FA) authentication to verify the identity of a user before granting access to the resources
they are entitled to.
Information must be available when users need it: a database connection must promptly return results
when it is queried with the right parameters.
It is important to protect the traffic sent to databases with a firewall and to ensure all traffic is
encrypted so that it cannot be read by a malicious party (Yuan, D.B. 2010).
CHAPTER 2: DATABASE CATEGORIES OF CONTROL.
2.1 DATABASE TERMINOLOGY AND CATEGORIES OF CONTROL.
A database is a systematic, organized collection of related information stored so that it can be easily
accessed, retrieved, managed, and updated. We therefore need to understand some of the terminology
used in requesting and managing the values stored in databases. Some of these terms are:
Database: A database is a group of records or data stored in a computer to be consulted by a program
to answer queries (James Berrington, 2016). Databases are often classified into relational and
non-relational databases. Examples include MySQL, MongoDB, Postgres, Oracle, MySQL Server, etc.
Schema: This describes the layout of the database structure and how all the stored information relates
together.
Query: These are instructions sent to the database to retrieve, create, update, or delete information.
These instructions can also be embedded in the application's programming language.
Primary Key: This is the unique value that identifies each record stored in the database. The identifier
is usually auto-incremented and is always unique to each record (Mike Chapple 2021). This key protects
the integrity of each record stored in the database.
Record: This is the information sent to the database in one unit. It is stored and retrieved together
when a retrieval instruction is sent.
Table: This is used in relational databases to group stored information for easy access. Tables within
a relational database relate to one another through primary keys. Examples of relational databases
are MySQL, Postgres, and so on.
Column: A column is the smallest unit of a relational database. Information is stored in columns for
accessibility and grouped by row within the table. Columns let application code reference data within
the database easily.
Row: In a relational database, a group of column values is referred to as a row. Rows are the subsets
of a table that form the basis of relational databases; applications access their data from a relational
database row by row.
Data Type: These are the kinds of data the database accepts. Every field in a database record must
declare its data type before it is used. Examples of data types are variable-length character (varchar),
character (char), double, integer, float, bool, timestamp, blob, datetime, and many more.
CHAPTER 3: CONCEPTS AND MODELS OF CLOUD-BASED STORAGE SOLUTIONS
3.1 FUNCTIONALITY OF DATABASE TOOLS AVAILABLE TO DATA OWNERS,
CUSTODIANS, INCIDENT RESPONDERS AND INVESTIGATORS.
Data owners work with various tools for protecting, classifying, and analyzing data before processing
it. Some of the tools in use are discussed in this section (Swati Tawde, 2011).
FileMaker: This application can connect to databases like MySQL, Postgres, etc. Data can easily be
manipulated and managed in the database using this application.
Informix: Informix is an application that allows data custodians, data owners, and investigators to
manage relational and NoSQL databases. IBM developed Informix for fast data management and
database connectivity.
Amazon RDS: This service helps data owners manage relational and non-relational databases within
AWS cloud infrastructure. It provides robust database security and secured backups for all the
information stored in the database.
ADABAS: ADABAS is an adaptable database system. Its flexibility for manipulating and transmitting
data makes data owners prefer it when working with databases. It is a commercial system that runs on
different operating systems.
Teradata: This relational database management system provides data warehousing for large-scale
storage for application or business intelligence purposes. Teradata runs on several platforms,
including UNIX, Windows, and Linux (Karen Kent 2006).
Hadoop: This software is designed to store large volumes of data across distributed systems. It
provides authentication and file permissions, enhancing security and integrity in large distributed
systems.
CouchDB: This is a distributed, cloud-based NoSQL database that is very scalable and efficient at
managing data. It is non-relational and stores its data in JSON format. It uses a form of multi-version
concurrency control (MVCC), which leaves conflict resolution to the application's own logic.
Toad: This tool analyzes data for data owners and custodians. It provides analytical tools to help data
owners optimize data performance within the usage environment.
SequelPRO: This is a fast and secure database management application for Mac OS used to connect to
MySQL and MariaDB databases. It helps data owners connect easily to their database, with little effort,
from wherever they send their request.
PhpMyAdmin: This database management application provides a connection to MySQL and Apache
servers. It runs on different platforms like Windows, Linux/UNIX and Mac, and provides a good,
user-friendly interface for working with MySQL.
Neo4j: This is a graph database management system. It stores data as a graph, which data owners
can interpret quickly. It runs on Windows and Linux.
CHAPTER 4: COMPUTER PROGRAMMING AND COMPUTER HACKING.
4.1. POPULAR COMPUTER PROGRAMMING LANGUAGES.
A programming language is a set of instructions that makes a computer perform a particular task.
Many programming languages are used to develop applications today. We will discuss some of the
well-known ones in this document.
JAVA: Java is a client-server programming language used to develop applications in large enterprises.
Java is an object-oriented language with robust security features that runs on any computer with a
Java Runtime Environment (JRE) installed. Java has various frameworks that help developers finish
their development quickly, such as Spring, Struts, Hibernate, JavaServer Faces, Dropwizard, etc.
(J. Gosling 2005)
PHP: PHP is the programming language behind about 70 percent of applications on the web today. PHP
is a server-side language for creating flexible web applications. It is an open-source language, which
allows many contributors to work on its codebase. PHP has various frameworks that help developers
deliver their projects on time, including Laravel, CodeIgniter, CakePHP, Symfony, etc.
FLUTTER: Flutter is open-source software developed by Google for building mobile and web
applications. It is a cross-platform framework that lets developers build Android and iOS applications
from a single codebase.
C#.NET: C# is one of the most powerful programming languages developed by Microsoft; it runs on the
.NET framework. It is used to build mobile, web, and gaming applications. It is an object-oriented
language that helps programmers create classes for their functionality easily, and it works on different
platforms, including Windows, Linux, and Mac OS.
PYTHON: Python is an object-oriented, high-level programming language (Improwised
Technologies, 2011). It is used for web applications and for interpreting large datasets in data
analytics. Programmers can generate data visualisations from large data volumes using this language,
which helps businesses forecast their own outlook or their customers' behaviour.
SQL: SQL is a language for creating, manipulating, and accessing the relational databases that store
information. It is widely used by most applications on the web, and SQL databases can be connected to
programming languages like Java, Python, PHP, etc.
programs or applications that can penetrate a network or send an attack into a network. For
instance, a Java program can use the java.net library to open ports, connect to IP addresses, or use a
MAC address to reach a host on a network. Using such libraries can allow a programmer to penetrate a
network system and run a malicious program on the network or on other hosts within it. With the
increasing pace of technological development, that statement is even more true today (Manuguerra
and Petocz, 2011). Programming languages can help an attacker hide their identity and gain access to
the scripts used to connect to the database, giving them full access to all the critical information of the
application or the organization. With Python it is possible to decrypt passwords and send flooding
scripts to gain access. Most ethical hackers learn this language to increase their skill at penetrating
network systems or host computers within a network. Software can be reverse-engineered to produce
hacking-prone software for malicious gain. Programming languages can make it easier to hack into
network systems, servers, and host computers in a network environment. Because of this, a network
environment must define network security standards for all the software or applications that run on its
servers. Any unauthorized software within the network environment must be removed quickly, and
network penetration by software must also be dealt with. Firewalls must restrict software from
accessing resources it is not authorized to access.
CHAPTER 5: GENERAL-PURPOSE PROGRAMMING LANGUAGE, PYTHON.
5.1 HOW NON-MALICIOUS AND MALICIOUS HACKERS HAVE UTILISED PYTHON
Python has great libraries, which makes it a very attractive language for malicious users to use in
hacking. Libraries like NetworkX and NAPAL are libraries that a destructive hacker can use to gain
unauthorized access to a network. Python's suitability for writing small scripts makes it easy for
hackers to develop tools in it. With the wide Python community, it is easy for hackers to find support
for the applications they use for destructive purposes (Sinha, S. 2017). Because of its open-source
nature, hackers can reuse applications developed by other hackers to carry out their malicious
intentions. In addition, Python code is easily debugged because it is simpler and shorter to write, and
the language is easy to learn. The ability to extract geolocation and to sniff network packets with
packages like packetsniffer.py has made Python a common tool for gaining access to a network
environment, and packetInjection.py lets hackers inject packets into network traffic. It is used for host
discovery, decoding network packets, and assessing servers. Python developers can easily hack social
media platforms like Facebook, Twitter, LinkedIn, etc. Python provides many packages that let hackers
reach their target easily (Sinha, S. 2017).
On the other hand, an ethical hacker with proper consent can run penetration testing on a network
with a small Python script. This helps them identify the weaknesses within the network system and
propose solutions. Python offers a vast range of services without any third-party application,
including wireless port scanning, website load testing, attack simulation, network port scanning, and
intrusion detection and prevention system development. A network can be tested with Python to check
for vulnerabilities before it is deployed. Python can test Intel microchips and scan network traffic for
vulnerabilities. Applications like Wireshark and many others are developed in the Python
programming language. Python can provide a good cyber security guard against brutal attacks from
malicious actors in every network environment.
References
Improwised Technologies. Software Development Services | Web App Development | Offshore Web Software Development. https://www.improwised.com/services/web-software-development/
Tripwire, The State of Security (September 25, 2022). https://www.tripwire.com/state-of-security/major-database-security-threats-prevent
2019 International Carnahan Conference on Security Technology (ICCST). IEEE.
Wang, X.M. and Yuan, D.B. (2010). Privacy-Protecting Outsourcing Database Query Verification Technology. Journal of Beijing University of Technology, 36, 703-709.
https://doi.org/10.1016/j.mpaic.2016.11.016 (https://www.sciencedirect.com/science/article/pii/S1472029916302181)
Lifewire. Primary key definition. https://www.lifewire.com/primary-key-definition-1019179
EDUCBA (2023). Database management software. https://www.educba.com/database-management-software/
Gosling, J., Joy, B., Steele, G. and Bracha, G. (2005). The Java Language Specification, 3rd ed. Addison Wesley, Reading. Available online at http://java.sun.com/docs/books/jls/index.html
Sinha, S. (2017). Legal Side of Hacking. In: Beginning Ethical Hacking with Python. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-2541-7_1