Database security¶

Databases hold the data that makes applications worth attacking. SQL injection, overly permissive accounts, unencrypted connections, and default configurations that were never tightened are consistent findings across database security assessments. The controls for each are well-established; consistently applying them across every deployment is where they tend to fail.