Database Hacking
Prepared by:
Hibba Tabeer
Database:
• The word database is derived from two words: data, which means unanalyzed information, and base, which means location.
• A database is software in which a related and organized collection of information is stored.
Example:
• Your grocery store, bank, restaurant, online shopping sites, hospital, favorite clothing store and mobile service provider, for instance, all use databases to keep track of customer, inventory, employee and accounting information.
Database Management System (DBMS):
• A DBMS is a set of programs that are used to create, maintain and manipulate a database in a convenient way.
Database hacking:
• The hacker is seeking access to data and obviously, the
database is usually where it resides. This makes the database
the "Golden Fleece" of the hacker.
• Most often, databases are hacked using SQL injection and as
such, this section will focus on SQL Injection (SQLi)
techniques and tools.
Is it possible to hack a database? Can a database be hacked?
• Any regular database user can hack a database if it is not properly monitored. Even if operating systems and networks are properly secured, databases could still be misconfigured, have weak passwords, be vulnerable to unknown and known vulnerabilities, etc.
How are databases hacked?
• Attackers can exploit buffer overflows, SQL injection, etc. in order to own the database server. The attack could come through a web application by exploiting SQL injection, so no authentication is needed. In this way databases can be hacked from the Internet, and firewalls are completely bypassed.
SQL injection:
SQL injection is a code
injection technique
that might destroy
your database.
SQL injection is one of
the most common web
hacking techniques.
Protection against Database Hacking:
• The internet today allows you to perform various tasks with ease. On the other hand, you need to know how to protect your sensitive database from hacking problems.
• Here are some things you can follow to secure your database from hacks.
1. Install database firewalls and web application firewall
• You should consider installing database firewalls that will help restrict access to traffic by default. Make sure that you receive traffic only from specified applications or web servers that access data. Not only that, you need to protect your database from unauthorized outbound connections with the firewall.
• Moreover, you should install a web application firewall to protect your database from certain attacks. Such attacks include SQL injection, file inclusion and cookie poisoning. A web application firewall allows you to monitor and filter HTTP traffic. It also lets you block malicious attacks that aim to exfiltrate data from your system.
2. Update your operating systems and patches
• You should update your operating systems and database software as fast as you can with security patches. This will help discover the most recent vulnerabilities that require more protection from hacking. It is wise for you to test the patches on non-production servers first and detect any patch problems in your mailing lists.
3. Follow a good password policy
• You should create strong passwords that are easy to remember and hard to crack. Implement a good password policy in your company that protects the data from hacking. If you are using websites for shopping or banking purposes, then you should consider changing the passwords every couple of days.
4. Monitor and audit database
• You should monitor and audit the database continuously, which will help detect anomalous activity on your operating systems. Furthermore, you can create alerts that notify employees when a potential malicious attack is identified. Effective monitoring allows you to detect the email accounts of your employees when they engage in suspicious activities.
• Besides that, you can even detect users who share accounts after creating an email account without your permission. You should consider installing database activity monitoring software that can help get the desired results.
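
Added example (not part of the original slides): a small audit-log check of the kind described above, flagging accounts that appear to be shared and accounts with bursts of failed logins. The log format, the sample lines, the thresholds and the function names are assumptions made for this illustration and do not come from any particular DBMS.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit lines in a hypothetical format (not from a real DBMS).
SAMPLE_LOG = """\
2024-05-01T09:00:05 user=app_ro src=10.0.0.5 event=LOGIN_OK
2024-05-01T09:01:10 user=jsmith src=10.0.1.20 event=LOGIN_OK
2024-05-01T09:03:40 user=jsmith src=10.0.7.99 event=LOGIN_OK
2024-05-01T09:04:00 user=dba1 src=10.0.2.8 event=LOGIN_FAIL
2024-05-01T09:04:02 user=dba1 src=10.0.2.8 event=LOGIN_FAIL
2024-05-01T09:04:05 user=dba1 src=10.0.2.8 event=LOGIN_FAIL
2024-05-01T15:30:00 user=app_ro src=10.0.0.6 event=LOGIN_OK
""".splitlines()

def parse(line):
    """Split one audit line into (timestamp, dict of key=value fields)."""
    stamp, *pairs = line.split()
    return datetime.fromisoformat(stamp), dict(p.split("=", 1) for p in pairs)

def shared_accounts(lines, window=timedelta(minutes=10)):
    """Accounts that logged in from two different sources within the window."""
    logins = defaultdict(list)
    for ts, fields in map(parse, lines):
        if fields["event"] == "LOGIN_OK":
            logins[fields["user"]].append((ts, fields["src"]))
    flagged = set()
    for user, events in logins.items():
        events.sort()
        # Any two differing sources inside the window imply an adjacent pair
        # that differs inside the window, so adjacent pairs are sufficient.
        for (t1, s1), (t2, s2) in zip(events, events[1:]):
            if s1 != s2 and t2 - t1 <= window:
                flagged.add(user)
    return sorted(flagged)

def failed_login_bursts(lines, threshold=3, window=timedelta(minutes=1)):
    """Accounts with at least `threshold` failed logins inside the window."""
    fails = defaultdict(list)
    for ts, fields in map(parse, lines):
        if fields["event"] == "LOGIN_FAIL":
            fails[fields["user"]].append(ts)
    flagged = []
    for user, stamps in fails.items():
        stamps.sort()
        # Compare each failure with the one (threshold - 1) positions later.
        if any(b - a <= window for a, b in zip(stamps, stamps[threshold - 1:])):
            flagged.append(user)
    return sorted(flagged)

if __name__ == "__main__":
    print("possibly shared:", shared_accounts(SAMPLE_LOG))
    print("failed bursts  :", failed_login_bursts(SAMPLE_LOG))
```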
5. Encrypt data and backups
• You should encrypt the data into an unreadable and encoded format that will help get more protection from hacking. Moreover, you should back up your encrypted data that provides an extra security measure. You can create several encrypted backups which contribute more to prevent data from hackers. Backing up your system will help you get high protection from hacking and other problems to a large extent.
6. Check your database settings & configurations
• Your system is vulnerable to attacks if your database settings & configurations undergo some changes. Therefore, you should check them properly to detect any sort of changes that will help protect your data from hacks.
7. Use two-factor authentication
• Two-factor authentication is one of the best ways to protect data from potential risks. It acts as an extra layer of protection that gives ways to improve your online security. The process involves two steps that allow you to control access to sensitive data.
8. Check your database installations
• You should check your database installations regularly to know the weak passwords and misconfigurations. If you use third-party products to install database servers, then you should monitor them to detect any suspicious activities.
9. Check for object & time permissions
• You should always check object & time permissions to monitor any errors that occur on your system. Permission changes will always result in misconfigurations, and you should fix them as soon as possible to prevent hacks.
10. Build database server honeypot
• You can detect database attacks in your organization by building a database server honeypot to gain more advantages. This, in turn, gives ways to prevent both internal and external attacks to get maximum protection from attacks.
11. Use third-party tools
• If you have few database servers in your company, then you can monitor them manually with some basic tools. On the other hand, you should consider using third-party tools when you have more database servers in your organization.
12. Test your database security
• You should consider building a database security infrastructure to prevent data from attackers when they want to steal it. However, it is important to test your database security that will help find missed vulnerabilities on your system. You can hire third-party services for this purpose to ensure high protection