Database Security Is More than the Database
Secure Practices for Developers
Developers have a lot on their plates, but they need to make sure there is room for security on there, too. Some tips: use static SQL. Most Web applications should never use dynamic statements, and if they do, all input should be validated. Also, consider using bind variables (parameterized queries) and ensure that the database schemas for your applications have minimal privileges.
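The tips above, shown as an added example that is not part of the original slideshow: a dynamic statement beside its static, bind-variable form, plus allowlist validation for the one part of a statement that cannot be bound. The `accounts` table, its rows and the function names are assumptions made for this illustration, and SQLite stands in for whatever database the application uses.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts (owner, balance) VALUES (?, ?)",
                   [("alice", 100), ("bob", 250), ("o'brien", 75)])
    return db

def lookup_dynamic(db, owner):
    # Weak: the statement text is built from input, so a quote in the
    # value becomes part of the SQL grammar instead of staying data.
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()

def lookup_static(db, owner):
    # Static SQL with a bind variable: the statement text never changes
    # and the driver hands the value to the database separately.
    sql = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return db.execute(sql, (owner,)).fetchall()

SORTABLE = {"owner", "balance"}  # fixed allowlist for the dynamic part

def list_sorted(db, column):
    # Identifiers cannot be bound, so when a statement has to be dynamic
    # the input is validated against the allowlist before it is used.
    if column not in SORTABLE:
        raise ValueError("unsupported sort column: %r" % (column,))
    sql = "SELECT owner, balance FROM accounts ORDER BY " + column
    return db.execute(sql).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing SQL syntax
    print("dynamic:", lookup_dynamic(db, crafted))    # filter is bypassed
    print("static: ", lookup_static(db, crafted))     # treated as a name
    print("static: ", lookup_static(db, "o'brien"))   # legitimate quote
    print("sorted: ", list_sorted(db, "balance"))
```

Note that the dynamic version also fails on the legitimate name `o'brien`, so the static form fixes a correctness bug as well as the injection risk.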
Reduce the Attack Surface
Shared Accounts, Shared Vulnerability
Access Controls
Database access should be mapped to job requirements. In a May survey of 430 members, the Independent Oracle Users Group reported that less than one-third of respondents said they could prove their super-users were not abusing privileges. Care should also be taken when assigning any privileges to public or guest accounts.
Designing the Database Security Policy
Keep any relevant industry compliance regulations in mind, and embrace the dark side—think like a hacker. Look for security issues in configurations and bugs. When you have a security policy set, roll it out gradually, focusing first on the issues you have identified as high risk.