Question

Write a 1 page paper outlining recent vulnerabilities in the RDBMS platforms Oracle, SQL Server and MySQL. Compare the quantity and types of vulnerabilities and the vendors response to patch them. Recommend one of the 3 vendors as being the best to respond to security vulnerabilities in their products.

Answer 1

RECENT VULNERABILITIES IN RDBMS PLATFORMS -

Injection - It is one of the most popular vulnerabilities in RDBMS. It allows the third party to elevate privileges and gain access to a large functionality. Injection occurs when a user provides input for a query that changes the intended meaning of the query. It is a critical problem in the protection of the enterprise database. To stay clear of these vulnerabilities, the best way is to protect web-facing databases with firewalls. However, a lot of vendors have released fixes to prevent these problems.

Authentication - Authentication concerns itself with verifying a user's identity. This happens due to the incorrectly configured user and session authentication. This allows attackers to compromise passwords, keys or take control of user's accounts to assume their identities. This can be fixed by using multi-factor authentication. This greatly reduces the risk of compromised accounts.

Authorization - Authorization concerns itself with verifying a user's privileges. Organizations need to ensure privileges are not given to unauthorized users. Improper configuration or missing restrictions on authenticated users allow access to unauthorized functionality or data which includes private and sensitive information. Penetration testing is a method to prevent such kind of attacks.    

Data Leaks - Sensitive data is much more prone to be accessed by hackers. These data includes financial data, usernames and passwords, or health information. Organizations should never store sensitive data unencrypted. To avoid such a problem, an organization should use SSL- or TLS-encrypted communication platforms. All connections to the database should always use encryption.

Weak Username and Password - Using a weak/default username and password id one of the major vulnerabilities of compromisation of a database. The credentials are easy to be guessed and can be used to access sensitive information. It can be removed by adding proper checks to the web frontend while username and password creation.

The best vendor to respond to security vulnerabilities in their products is Oracle. It regularly releases patches and fixes to prevent the vulnerabilities. In the recent quarterly patch update, it has fixed a record 334 vulnerabilities across its products. As per a study, the average number of security patches has tripled in the last 4 years (from 113 to 334).