DATABASE – WEB INTERFACE VULNERABILITIES

Authors

  • Dorin IORDACHE

DOI:

https://doi.org/10.53477/2668-2001-21-35

Keywords:

database; cybersecurity; web-based vulnerabilities; network interface; user credentials.

Abstract

The importance of information security in general, and of information managed at the database level in particular, has increased with the expansion of the Internet. It has also acquired new facets as users gain access to as many resources as possible. The large volume of private data in use and the need to limit unauthorized actions on information have brought new aspects to the issue of ensuring its protection. The scope of this field is wide and allows work in several directions: identification, description, creation, implementation and testing of mechanisms aimed at improving the working environment in which database management systems operate. Due to the importance of the information managed by a DBMS[1], it is necessary to define a framework that is safe and easy to use. The database fulfills not only the role of storage, but also that of data provider to users. Thus, the information must be protected throughout the interaction process: generation, storage, processing, modification, deletion, etc. Therefore, database security must not be reduced to the protection of certain data considered sensitive; it must also cover the creation of a secure, authorized and controlled global environment through which information becomes available to users.

 

[1] DBMS – DataBase Management System

Published

2021-11-01