News (159)
Firm offers new tools for database security
Security software developer Guardium is expected to formally announce Monday a new suite of integrated security applications for databases, a market that's gaining traction in the current regulatory environment. Read more »
Security guru wants access to bug databases
Security expert Ross Anderson has called for empirical research to be conducted into whether open source or closed source software is more secure, and into the impact that development practices such as extreme programming (XP) have on code quality. Read more »
Database flaws more risky than thought
Details of multiple security flaws in Oracle and IBM databases have been released by the security company that found them. Read more »
Oracle patches 45 security vulnerabilities
In its latest quarterly patch cycle, Oracle has released 45 fixes for various security flaws. Read more »
Patched Oracle database 'still vulnerable'
The latest update for Oracle 10g Release 2 does not plug a hole that allows published attack code to run, according to a security researcher. Read more »
Oracle defends security record
Oracle has shrugged off criticisms of its recent security record, saying that one of the company's biggest security concerns is that its customers are so used to being secure that they are not used to applying patches. Read more »
Oracle to be more selective in patch development
Oracle plans to stop automatically producing security patches for all systems its software runs on, instead creating fixes for uncommon combinations on request, the company said on Tuesday. Read more »
Study: Few bugs in MySQL database
A source-code analysis of the MySQL database, a popular open-source program at the heart of many Web sites, revealed few bugs compared with the number found in commercial code, testing company Coverity said Friday. Read more »
Oracle no longer a 'bastion of security': Gartner
Analyst group Gartner has warned administrators to be "more aggressive" when protecting their Oracle applications because they are not getting enough help from the database giant. Read more »
Microsoft readies revamped database, security software
Microsoft says it's set to release near-final versions of its key database server and other business-oriented software. Read more »
Features (244)
Web application security frameworks (WASF), Part 2: Database lookup
Often, you will want parts of your Web application to be exclusive to certain users. This access distinction requires the use of Web application security frameworks. Continuing our series on Web app security, we explore the database lookup framework. Read more »
Configure Snort to log packets to MySQL
We will look at configuring Snort to log packets to a remote MySQL server where a graphical Web interface can be used to view captured packets and statistics. Read more »
SQL Server: Design for security from the start
Security in the development of a SQL Server database must be a priority right from the start, beginning with the design process. Familiarise yourself with these guidelines before you start your next project and you will prepare a more secure database application. Read more »
Six steps to secure sensitive data in MySQL
If you're using MySQL, there are some easy things you can do to secure your systems and significantly reduce the risk of unauthorised access to your sensitive data. Read more »
Secure SQL Server: Installing for security
Securing SQL Server is vital to the design of any database system. Learn how to install SQL securely, protect data, and ensure its validity. Read more »
Grant Web servers secure database access
Allowing Web clients to access a database is a delicate matter that should not be attempted lightly or without careful consideration. Read more »
Secure ASP.NET 2.0 sites with Membership API
Beginning with ASP.NET 2.0, the Membership API was added to simplify adding security to a Web application. This article explains how to use the Membership API with a SQL Server back-end. Read more »
Secure connections to PostgreSQL
The PostgreSQL database server is arguably one of the best SQL servers available, but it's not as easy for beginners to get a handle on it as with other SQL databases, such as MySQL. Read more »
Encrypt backups using Oracle 10gR2's RMAN
No IT pros want their company to make headline news because of a data breach. You can make your data less vulnerable to theft by using a new feature in Oracle 10g Release 2 that lets you make encrypted backups via Recovery Manager. Read more »
Secure SQL Server: Identify user issues
In this article we'll explore basic methods of logins, users, roles, and groups and the possible management strategies you can use to set up user access to your database. Read more »
Blog (8)
The 2008 Trends and Threats to Internet security
-- I recently came across the IBM Internet Security Systems X-Force 2008 Mid-Year Trend Statistics report, which outlines issues affecting internet security, including application vulnerabilities, phishing, malware and spam. Read more »
Google destroys Security Through Obscurity
-- Google Labs' new Code Search makes it easier for hackers to find database username and password details by entering strings that are commonly used within configuration files. Read more »
Lets Shindig!
-- At this year's Google Developer Day in Sydney, Dan Peterson and John Hjelmstad talked about Apache Shindig, an open source implementation of OpenSocial and gadgets. Read more »
Oracle's Agile PLM gains popularity
-- I recently spoke to Oracle about their Agile Product Lifecycle Management (PLM) solution, an integrated tool for managing information about a product throughout its lifecycle. Read more »
Salesforce's new AIR toolkit
-- Following the announcement that Salesforce will provide a free toolkit for Adobe Flex and AIR development on its Force.com platform, I spoke to the company’s Doug Farber, the Vice President of Operations, Asia Pacific about its functionality and other issues surrounding the toolkit. Read more »
Is public domain software open-source?
-- When writing earlier this week about Adobe's sponsoring of the SQLite project, I ran into a complicated issue: is software released into the public domain also open-source software? Read more »
Google Gears screenshots
-- Here is a bit of eye candy of the new Google Gears installation and sample code. Read more »
Attack Modeling vs Threat Modeling
-- Traditional Threat Modeling from an adversarial approach is actually Attack Modeling. So what is Threat Modeling then and how does it differ from Attack Modeling? Read more »

