1. Default, Blank and Weak Username/Passwords
The same organizations that wouldn't think of ever leaving their router log-ins at their factory settings very frequently allow hundreds of databases to stand with default username-password combos.
2. SQL Injections
DBAs and developers must work in tandem to ensure that Web applications aren't putting the databases they're tied to at risk of being breached via attacks utilizing SQL injections, a favorite among hackers.
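As an added illustration of the gap item 2 describes (example code written for this page, not from the original), here is a lookup query built by string concatenation beside the parameterized form a developer should ship instead, run against a constructed SQLite table; the table, user names and probe input are assumptions.

```python
import sqlite3

# Constructed sample data standing in for an application's account table.
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "dba"), ("bob", "analyst"), ("carol", "auditor")],
    )
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # Untrusted input is spliced into the SQL text, so a quote character in
    # `username` changes the statement's structure instead of being data.
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    # The driver sends the statement and the value separately; the value is
    # bound as data, so quotes or keywords in it cannot alter the query.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

def compare(username: str) -> dict:
    # Run the same input through both code paths so the difference is visible.
    conn = build_db()
    return {
        "vulnerable": lookup_vulnerable(conn, username),
        "parameterized": lookup_parameterized(conn, username),
    }

if __name__ == "__main__":
    # A normal lookup behaves identically in both paths; an input carrying a
    # quote turns the concatenated query into a match-everything filter while
    # the parameterized query simply finds no such user.
    for probe in ["bob", "x' OR '1'='1"]:
        print(repr(probe), compare(probe))
```

The same pattern applies to any driver that supports bound parameters; the fix is never quoting or escaping by hand.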
3. Extensive User and Group Privilege
Allowing users to have unnecessary privileges or to share privileges among large groups is asking for trouble. Failing to keep a rein on privileges makes it difficult to track use and greatly increases insider risk.
4. Unnecessary Enabled DB Feature
Oftentimes the most effective attacks are made possible because a DBA failed to turn off an unneeded package or a feature that was enabled by default. A great deal of database risk can be mitigated by only enabling the features an organization actually uses.
5. Broken Configuration Management
Unnecessary features are left on as a result of poor configuration and change management at the database level. Setting and enforcing database configuration policies will make it easier for an organization to prevent misconfigurations from putting important data at risk.
6. Buffer Overflows
Another problem that needs attention from DBAs, security personnel and developers working as a cohesive team, buffer overflows are another very common attack technique used to break applications and gain access to data.
7. Privilege Escalation
Certain vulnerabilities can be attacked using SQL injections and other attack techniques to escalate privilege and potentially take over the database server. Not only does this give access to data, but it makes it possible to leapfrog into other IT assets.
8. Denial of Service Attack (DoS)
SQL injection attacks can also be leveraged to conduct database-specific DoS attacks, potentially wiping out important data and bringing mission-critical systems to a grinding halt.
9. Unpatched Databases
Because database environments are extremely prolific, complex and the linchpin to mission-critical applications, many DBAs are loath to patch them regularly. This is a very common mistake, and a costly one at that.
10. Unencrypted Sensitive Data, at Rest and in Motion
So many privacy and compliance issues can be solved if an organization endeavors to encrypt or mask data.