Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CalCom

SQL Server Orphaned Users - Detection and Remediation Steps

May 29, 2024 By John Gates In CalCom
Orphaned users SQL Server arise when a database user is associated with a login in the master database that no longer exists and should be removed. This situation can happen when the login is removed or when the database is transferred to a different server lacking the corresponding login. The SQL Server logins existing on a server instance can be seen through the sys.server_principals catalog view and the sys.sql_logins compatibility view.
Read Post

Account Takeover, SQL Injection and DDoS Attack Simulation on APIs

May 28, 2024 By Indusface In Indusface
Overview: According to TechTarget, 94% of organizations experience security problems in production APIs, and one in five suffers a data breach. The primary reason is that most tech leaders assume that having a strong authentication and authorisation framework is enough to secure APIs. As a result, cyberattacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise. Join Karthik Krishnamoorthy, CTO and Vivekanand Gopalan Gopalan, VP of Products at Indusface, in this webinar as they demonstrate how APIs can be hacked.
View Video
apono

Scaling Least Privilege Access for Databases

May 28, 2024 By Rom Carmel In Apono
In today’s increasingly complex digital landscape, safeguarding sensitive data has never been more critical. Yet, many organizations grapple with balancing accessibility and security within their databases. Enter the concept of least privilege access, a pivotal strategy designed to minimize vulnerabilities by ensuring users have only the permissions essential for their role. However, scaling this principle across large-scale environments poses unique challenges and opportunities.
Read Post

Mastering SQL Injection : A Comprehensive Guide to SQL Map

May 27, 2024 By VISTA InfoSec In VISTA InfoSec
In this video we will learn about one of the most prevalent database threats today, SQL Injection attack which is a common method used by hackers to exploit vulnerabilities in web applications that interact with databases. Join us as we explore the inner workings of this malicious technique and understand how SQLMAP Tool, a powerful open-source penetration testing tool can be used to protect your data. With step-by-step examples and demonstrations, we will show how to install SQLMAP and take countermeasures.
View Video
CalCom

Ad Hoc Distributed Queries - SQL Server

Apr 17, 2024 By John Gates In CalCom
An ad-hoc query is an unscheduled data inquiry, typically created in response to questions that cannot be addressed using predetermined or predefined datasets. Ad hoc distributed queries utilize the OPENROWSET(Transact-SQL) and OPENDATASOURCE(Transact-SQL) functions for establishing connections with remote data sources employing OLE DB. It’s advisable to employ OPENROWSET and OPENDATASOURCE solely for referencing OLE DB data sources that are accessed on an occasional basis.
Read Post
keeper

How To Securely Manage Database Access for Remote Users

Apr 3, 2024 By Aranza Trevino In Keeper
The best way to securely manage database access for remote users is by using a Privileged Access Management (PAM) solution. PAM solutions provide full visibility and control over database access to prevent privilege misuse, reducing the likelihood of an insider threat harming your organization.
Read Post
jit

Enhance MongoDB Security for Atlas With Scalable Tenant Isolation

Apr 1, 2024 By Ariel Beck In Jit
As a company building a SaaS security product, our inherent culture is not only focused on building best of breed security products for our users, but also ensuring that our systems, practices and workflows are engineered to support a continuously evolving threat landscape, and to protect our users’ data. We’ve written about our design for tenant isolation for our serverless based architecture in the past, and practical methods to avoid data leakage between clients.
Read Post
obrela

Apache Superset - Database Data Retrieval Through Improper Error Handling

Mar 6, 2024 By Anastasios Stasinopoulos In Obrela
Anastasios Stasinopoulos from OBRELA LABS Team discovered a security flaw that affects Apache Superset (before 3.0.4, from 3.1.0 before 3.1.1), an open-source modern data exploration and visualization platform. Apache Superset error handling can be manipulated in order to allow data retrieval from the backend database.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.