Why research vulnerabilities? System owners, system administrators and database administrators should be aware of current and new vulnerabilities because the most important aspect of a database is the protection of data. Data must not be accessible to or modified by unauthorized users. Because database systems are hosted within an information system, a compromise of the information system means the database itself is at risk. Once a malicious actor gains access to the server hosting the database, the database becomes extremely vulnerable to modification, loss of confidentiality or loss of availability.
Exploited vulnerabilities can occur in varying areas:
- physical access to the server where the database resides
- physical access to the backup media
Note that physical access defeats the strongest technical controls meant to protect a system. Short of physical access, other vulnerable areas are:
- access to the application that calls the database connection
- access to the servers hosting the database
- exfiltration of source code repositories and proprietary system documentation
When building custom databases or deploying any new application, developers and system administrators should consider new and existing vulnerabilities. Here is a link to locate the latest vulnerabilities to information systems or database systems.
- NIST National Vulnerability Database – among other features, you can search the database for known vulnerabilities.