Databases and Their Vulnerabilities

Since an attacker is ultimately going after the information contained in a database, you must have a good understanding of databases. Databases store data such as configuration information, application data, and other information of all shapes and sizes. An attacker who can successfully locate a vulnerable database will find it a tempting target to pursue.

In today’s environment, databases form the heart of many web apps. Commonly used applications such as Microsoft SharePoint and others use databases as the nucleus of their structure. In fact, a majority of web apps would not function without a database as their back end.

A Look at Databases

For all its complexity, a database can be described as simply a hierarchical, structured format for storing information for later retrieval, modification, management, and other purposes. The types of information that can be stored within this format vary, but the goal is still the same: storage and retrieval.

Databases are typically categorized based on how they store their data. These types include the following:

Relational Database With a relational database, data can be organized and accessed in various ways as appropriate for the situation. For example, a data set containing all the customer orders in a table can be grouped by the zip code in which the transaction occurred, by the sale price, by the buyer’s company name, and so on.

Distributed Database A distributed database is designed to be dispersed or replicated between different locations across a network.

Object-Oriented Programming Database An object-oriented programming database is built around data-defined object classes and subclasses.

Within a database are several structures designed to organize and structure information. Each structure allows the data to be easily managed, queried, and retrieved:

Record or Row Each record in a database represents a collection of related data such as information about a person.

Column A column represents one type of data, for example, age data for each person in the database.

Databases have a broad range of applications, from storing simple customer data to storing payment and customer information. For example, in an e-commerce application, when customers place an order, their payment and address information may be stored within a database that resides on a server.

While the function of databases may sound mundane, databases come into their own when linked to a web application. A database linked as part of a web app can make a website and its content much easier to maintain and manage. For example, if you use a technology such as ASP.NET, you can modify a website’s content by editing a record in a database. With this link, simply changing a record in a database will trigger a change in any associated pages or other areas.

Another common use of databases, and one of the higher-profile targets, is in membership or member registration sites. In these types of sites, information about visitors who register with the site is stored within a database. This information can be used for a discussion forum, chat room, or many other applications. With potentially large amounts of personal information being stored, an attacker would find this setup ideal for obtaining valuable data.

