David Litchfield has published a paper, “Oracle Vs. SQL Server”, on his website http://www.databasesecurity.com; you can download it directly from here.
This seems to follow on from a posting I noticed a few weeks back on Jeff Jones's Microsoft blog regarding SQL Server 2005.
So this highlights the fact that Microsoft are starting to make progress with their SDL program and Oracle don’t seem to have a handle on security.
However, this can also give people a false sense of security. These reports look only at vulnerabilities in the products themselves, e.g. MS SQL Server and Oracle. Consider the database code that your developer has created:
- Has he or she developed code with security in mind?
- Do they even know about writing secure code?
It is quite possible that your database, which happens to be sitting on your SQL 2005 server, is bypassed with a SQL injection.
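
To make the point concrete, here is an added T-SQL example (not from the original post or from either paper) showing developer-written database code that is injectable on a fully patched server, beside a parameterized version. The table `dbo.Customers` and both procedure names are hypothetical.

```sql
-- Constructed example: the table and procedure names are hypothetical.
CREATE TABLE dbo.Customers (
    CustomerId INT IDENTITY PRIMARY KEY,
    LastName   NVARCHAR(50)  NOT NULL,
    Email      NVARCHAR(100) NOT NULL
);
GO

-- Weak: the caller's value is concatenated into the statement text, so the
-- server parses it as SQL. Product patch level makes no difference here.
CREATE PROCEDURE dbo.FindCustomer_Unsafe
    @LastName NVARCHAR(50)
AS
BEGIN
    DECLARE @sql NVARCHAR(4000);
    SET @sql = N'SELECT CustomerId, LastName, Email FROM dbo.Customers '
             + N'WHERE LastName = ''' + @LastName + N'''';
    EXEC (@sql);
END
GO

-- Hardened: the statement text is constant and the value travels as a typed
-- parameter through sp_executesql, so it is only ever compared as data.
CREATE PROCEDURE dbo.FindCustomer_Safe
    @LastName NVARCHAR(50)
AS
BEGIN
    DECLARE @sql NVARCHAR(4000);
    SET @sql = N'SELECT CustomerId, LastName, Email FROM dbo.Customers '
             + N'WHERE LastName = @p_LastName';
    EXEC sp_executesql @sql,
         N'@p_LastName NVARCHAR(50)',
         @p_LastName = @LastName;
END
GO

-- The same constructed input, containing single quotes, sent to both procedures.
DECLARE @input NVARCHAR(50);
SET @input = N'x'' OR ''1''=''1';
EXEC dbo.FindCustomer_Unsafe @LastName = @input;  -- the quote closes the literal and the WHERE clause is rewritten
EXEC dbo.FindCustomer_Safe   @LastName = @input;  -- the whole value is compared as a last name
```

A static `SELECT ... WHERE LastName = @LastName` inside the procedure is safer still; dynamic SQL is kept here because that is where this class of defect usually appears in database code.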