Database Security: Attacks and Solutions

  • Sarvesh Soni
  • Rejo Mathew
Conference paper
Part of the Lecture Notes on Data Engineering and Communications Technologies book series (LNDECT, volume 49)


Data is a critical, valuable resource, and because of its importance, data protection is a noteworthy component of database security. Database security refers to the measures and tools used to protect a database from unauthorized use, malicious threats and attacks. Data security means protecting data, such as that in a database, from the malicious and destructive forces of unauthorized and unauthenticated users, such as cybercrime attacks or a data security breach. With digitalization and rapid progress in technology, web applications and databases are widely used in areas such as e-commerce, online payments, online banking, money transfer, social networking, etc. [15]. For a seamless and hassle-free experience, which includes risk-free operations on databases, defining and implementing database security is of the utmost importance. The security aims applied for data security follow the CIA triad: Confidentiality, for concealment of data, where the issue is privilege abuse; Integrity, for trustworthiness of data, where the issues are legitimate unauthorized accesses, including social engineering attacks; and Availability, which guarantees that resources are available to users when they need them, where the issues are exposure of backup data and denial of service. It acknowledges the economic, financial and commercial documentation of records and reports related to an organization [11]. Moreover, security attacks, solutions, a comparison table and future work are discussed in this paper.


Keywords: Unauthenticated access, Platform and protocol vulnerability, Weak audit trail, Unauthorized elevation, Data protection, Privilege abuse, Cryptography, Exposure of backups


  1. Ali, A., Afzal, M.: Database security: threats and solutions. Int. J. Eng. Invent. 6(2), 25–27 (2017)
  2. Deepika, Soni, N.: Database security: threat and security techniques. Int. J. Adv. Res. Comput. Sci. Softw. Eng. 5(5), 621–624 (2015)
  3. Singh, S., Rai, R.K.: A review on report on security threats and database. Int. J. Comput. Sci. Inf. Technol. 5(3), 3215–3219 (2014)
  4. Malik, M., Patel, T.: Database security – attacks and control methods. Int. J. Inf. Sci. Tech. 6(1/2), 175–183 (2016)
  5. Gahlot, S., Verma, B., Khandelwal, A., Dayanand.: Database security: attacks, threats and control methods. Int. J. Eng. Res. Technol. 5(10) (2017)
  6. Sharma, P., Monika: Database security: attacks and techniques. Int. J. Sci. Eng. Res. 7(12), 313–319 (2016)
  7. Devi, R., Venkatesan, R., Raghuraman, K.: A study on SQL injection techniques. Int. J. Pharm. Technol. 8(4), 22405–22415 (2016)
  8. Randhe, K., Mogal, V.: Security engine for prevention of SQL injection and CSS attacks using data sanitization technique. Int. J. Innov. Res. Comput. Commun. Eng. 3(6), 5890–5898 (2015)
  9. Mahjabin, T., Xiao, Y., Sun, G., Jiang, W.: A survey of distributed denial-of-service attack, prevention, and mitigation techniques. Int. J. Distrib. Sens. Netw. 13(12) (2013)
  10. Sarah, S.: GDPR and privacy lawsuits. In: Cyber Decoder, JLT, issue 39, p. 4 (2018)
  11. Sarmah, S.: Database Security – threats and prevention. IJCTT 67(5), 46–50 (2019)
  12. Sridhar, S., Smys, S.: Intelligent security framework for IoT devices cryptography based end-to-end security architecture. In: International Conference on Inventive Systems and Control (ICISC), pp. 1–5. IEEE (2017)
  13. Mukherjee, S.: Popular SQL server database encryption choices. In: SSRG-IJCSE, pp. 1–6 (2018)
  14. Basharat, I., Azam, F., Muzaffar, A.: Database security and encryption: a survey study. IJCA 47(12), 28–34 (2012)
  15. Kawalkar, M., Butey, P.K.: An approach for detecting and preventing SQL injection and cross site scripting attacks using query sanitization with regular expression. Int. J. Comput. Trends Technol. (IJCTT) 49(4), 237–245 (2017)

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. Department of I.T., Mukesh Patel School of Technology and Management, NMIMS, Mumbai, India
