Resources


Top RSS Feeds  |  Video  |  Terms and Definitions  |  Publications  |  State Regulations  |  Other Resources

Welcome to TeamSHATTER’s Resource Center. This page will provide you with great resources to aid your organization’s efforts against data-specific security attacks. We encourage you to use this center as a helpful guide for all your security efforts.

Top RSS Feeds

Read the latest TeamSHATTER.com news and headlines from your personal homepage, browser, or news aggregator program. Our syndication policy.

 Latest TeamSHATTER News (All Posts)

Latest TeamSHATTER Exclusive Posts

 Latest TeamSHATTER Knowledgebase Updates

For more feeds, visit the Topics page to find the subject that interests you most.


Video


Other videos


Terms and Definitions

  • Security Advisories: Security Advisories provide details about vulnerabilities discovered by TeamSHATTER.
  • Threat Finder: TeamSHATTER’s Threat Finder allows you to search the TeamSHATTER Knowledgebase of known database vulnerabilities and misconfigurations to learn details about particular threats; for example, Multiple SQL Injection in Oracle Enterprise Manager Service Level component.
  • Threat ID: A Threat ID is a unique identifier in the TeamSHATTER.com threat knowledgebase.
  • Threat Date: A Threat Date is the date the threat information was made public on TeamSHATTER.com.
  • Threat Name: A Threat Name is a unique name assigned by TeamSHATTER.
  • CVE Reference: A CVE Reference represents a unique standardized name given for a vulnerability or threat. A CVE list is maintained by The MITRE Corporation. If a threat cannot be identified by a CVE Reference, it is marked as CVE-NO-MATCH. TeamSHATTER and Application Security, Inc. are committed to ensuring timely CVE data is appropriately and accurately updated. The CVE list is monitored regularly as an integrated part of our Vulnerability Intelligence gathering and research. Updates and verification of mapping accuracy are part of regular and continuous processes.
  • To search by CVE Reference, you can input the CVE identifier (e.g., CVE-2011-0787) in the Site Search form at the top of the page. This will point you to any Security Advisory with a CVE Reference. You can also go to the Threat Finder page, input the CVE identifier (e.g., CVE-2011-0787) in the CVE Reference field, and click Search. This will find any Threat Finder ID with that specific CVE Reference.
  • CCE Reference: A CCE Reference represents a unique standardized name for a given configuration. A CCE list is maintained by The MITRE Corporation. If a configuration cannot be identified by a CCE Reference, it is marked as CCE-NO-MATCH.
  • Category: Category is a unique group assigned by TeamSHATTER for each vulnerability or threat. The following is a list of possible categories:
    • Improper Access Controls
    • Misconfigurations
    • Operating System Issues
    • Patchable Vulnerabilities
    • Weak Passwords
    • Other
  • Risk: Risk is a standardized category TeamSHATTER uses to rate the severity of a threat. Risk categories include High, Medium, Low, and Informational. TeamSHATTER will use the following as guidance when selecting a risk level:
    • High Risk: Typically allows a non-privileged user or non-user to potentially gain full unauthorized access control to the application and/or system or crash the database and/or system.
    • Medium Risk: Typically allows a limited-privileged user to potentially gain unauthorized access control to the application and/or system or crash the database and/or system.
    • Low Risk: Typically allows a privileged user to potentially gain unauthorized access control to the application and/or system or crash the database and/or system.
    • Informational: Identifies information important for a security audit of the application and/or system.
  • Database Type: Database Type references which database the vulnerability or threat is related to.
  • Version: Version references the specific versions of the database affected by a vulnerability or threat.
  • VMSKey and STIGID: VMSKey and STIGID reference unique identifiers from the Defense Information Systems Agency (DISA) STIG documents.


Publications

Practical Oracle Security: Your Unauthorized Guide to Relational Database Security
Co-authored by AppSec. team leaders, Josh Shaul and Aaron Ingram, Practical Oracle Security is your straightforward, comprehensive how-to manual for securing databases on the most widely deployed platform. Download the first chapter for free or purchase the book from Amazon.


State Regulations

From Massachusetts to California, this page covers all the recent state level legislation around database security.


Other Resources

  • DatalossDB.org - Leading website for data breach research
  • Privacy Rights Clearinghouse - Non-profit consumer organization that focuses on privacy protection
  • Infosec Island - Website for IT and network professionals who manage security, risk and compliance issues
  • Threatpost - General IT up-to-the-minute news and information for IT security and networking professionals
  • DataBreaches.net - Comprehensive and regularly updated news of the latest data breaches and security issues
