Database Security and Computer Programming

Uploaded by

deskprecision

Task 1

Security Risks in Database Systems

A database is a primary store of data and is widely regarded as necessary for the functioning of the modern organization. However, databases are also the most targeted for fraud, since they hold information pertinent to accounts. Database systems face many kinds of security risk, and some of them are described here. Illegitimate access is one such problem, arising from the different ways in which data is stored and managed electronically. It can occur when insiders with low-level authorization come across data, perhaps because identification and authentication measures are insufficient or because of vulnerabilities present in the DBMS. One of the most popular techniques in this regard is SQL injection, which aims at bypassing the login mechanism or at gaining access to more information than an unauthorized person is allowed (Gupta et al., 2020).

Another preventable and potentially fatal risk is data leakage, which can result from hacking or from the negligence of insiders. In addition, data can be exposed when a database system is weakly configured. For instance, unsecured cloud databases, which can be attacked via the public internet, are something that hackers find very attractive (Ali et al., 2021). Another common threat is the corruption and loss of data. This can be caused by malware, and especially by ransomware attacks, in which the data is locked and can be unlocked only with keys that come at a price. Power and hardware failures, natural disasters, and human mistakes are also causes of data loss. Data protection therefore involves ensuring that data stays unchanged and that it can be retrieved.

Effectiveness of Information Security Concepts and Tools



Numerous information security concepts and tools are designed and implemented to minimize these risks. Encryption is a prominent security mechanism used to secure data at rest and in transit. Encrypting the database contents means that even if hackers gain access to the database, what they find is in an encoded form that only the keys can decipher. Stronger forms of protection that are often used to safeguard information are enhanced encryption and public key infrastructure (PKI).

Users must be restricted from viewing data, which is possible through access controls such as RBAC or ABAC. These mechanisms apply tight access control according to the user's role or attributes, thereby restricting access to only the essential personnel who require the information (Gupta et al., 2020). IDS and IPS also help to detect and prevent unauthorized access and access attempts. These systems watch for activity that fits a profile and can notify a system administrator or take action to avert threats (Ghelani et al., 2022).

Periodic auditing and compliance scans are therefore required to determine whether the database security measures in place are still practical and relevant. These audits can uncover risks and ensure that database management activities conform to conventional security benchmarks and requirements (Murthy et al., 2020). In addition, one benefit of applying blockchain to database security is that it offers a different perspective on data integrity and transparency. The decentralized property of the blockchain means that all records and changes made to the database can be recorded on the blockchain, making it very hard for any unauthorized changes to be made without detection.

Task 2

Database Terminology and Categories of Control

Understanding the various terms and categories of control for database security is necessary. Terms that relate to database security include authentication, authorization, encryption, and auditing. Authentication refers to the process by which a user is proven to be who he claims to be, implemented using a username and password, among other tools. Authorization describes what an authorized user can or cannot do; in other words, it defines that user's access rights in different database sections. Encryption is the process of transforming data in such a way that anyone who intercepts it cannot understand it. Such data is therefore as secure as if it had never been transmitted. Auditing, defined comprehensively, is keeping records of activities in the database for security and compliance checking and reporting (Gupta et al., 2020).

Database controls are the measures and procedures designed to ensure that stored data is secure from unauthorized access and is accurate, consistent, and easily accessible. These controls can be categorised into three main types: preventive, detective, and corrective controls. Mechanisms such as training, safeguard assessment, security surveys, vulnerability testing, and risk elimination or reduction are applicable in implementing preventive controls. Examples include access control, wherein information availability is restricted to persons within an organization based on their function, such as role-based access control (RBAC), and encryption, which prevents information access by unauthorized persons (Ali et al., 2021).



Task 3

Functionality of Database Tools for Various Roles in Cloud-Based Storage

In cloud-based storage solutions, the categories of database tools depend largely on the user's duties, which might be those of a data custodian, data investigator, data owner, or data incident responder. Data Owners focus mainly on data access and ownership. Their utilities are used to set permissions, control encryption keys, and apply legislation, e.g., the GDPR regime. A cloud dashboard may let Data Owners regulate access rights and data asset usage for better control (Gupta et al., 2020). Data Custodians are the individuals entrusted with the proper stewardship and protection of data. They have tools for data backup, recovery, and migration. These tools assist in maintaining the data, making copies of it through backup processes, and transferring it between environments. Features such as versioning and replication enhance the protection of the data against corruption and deletion (Ali et al., 2021).

Incident Responders are concerned with detecting security events and responding to them. They therefore rely on SIEM systems, in which log data is collected and processed to establish causality. These tools provide real-time status and detailed reports, which are very useful in planning for an impending incursion and a probable breach (Ghelani et al., 2022). Investigators, on the other hand, need forensic tools that help them examine incidents after they have taken place. These tools are also employed in collecting and storing documents and information, as well as in categorising and reporting breach incidents. Such functionality plays a central role in analysing exploitable blind spots and in the capability to prevent future mishaps (Murthy et al., 2020).



Task 4

Popular Computer Programming Languages

Computer programming languages are what allow the creation of various types of software, websites, applications, and other technologies. Some programming languages have become popular because of their features and their usage in the industry. Python is considered one of the most widely used languages today because of its readability and simplicity. It is used in website development, data analysis, artificial intelligence (AI), and scientific computing; for example, Django is used for web applications and TensorFlow for artificial intelligence. Python has a vast collection of libraries and frameworks that make it suitable for programmers in various industries.

JavaScript is one of the primary components of the web development process. It is used to build web pages that are highly dynamic. JavaScript frameworks, including React and Angular, add to the ability of JavaScript to create more comprehensive web applications. It is popular because it executes in any web browser and is an essential language for front-end development (Sandhu, 2021).

Java is a platform-neutral, well-established, object-oriented language popular in the enterprise domain for developing line-of-business (LOB) applications. It is widely used because, thanks to the Java Virtual Machine (JVM), it can be easily integrated across multiple platforms. Java is also used to develop applications for the Android operating system using Android Studio (Murthy et al., 2020).

C++ is an object-oriented programming language based on C. It is widely used in systems and software development, game development, and other high-performance applications. Because it can deal directly with hardware and memory, it is preferred for the development of operating systems, drivers, and high-performance applications.

Ruby is characterized by its simplicity and productivity. Gems are the packages in Ruby, and Ruby is the language behind the Ruby on Rails framework for constructing web applications. Ruby places more emphasis on convention than on configuration, all in a bid to let developers write less and achieve more (Ali et al., 2021).

Relationship Between Programming Skills and Hacking

Script kiddies, a term for junior hackers with little hacking experience, rely on scripts and tools developed by other programmers. These scripts are often written in simple languages, such as Python or Perl, and can be easily changed. Although script kiddies may not understand the underlying code, the scripts shed some light on how people with basic programming knowledge can hack (Gupta et al., 2020).

Software developers or IT experts working in areas related to hacking or security may be conversant with several computer languages. For instance, proficiency in the C/C++ programming languages is crucial for studying system-level problems and creating effective working exploits for operating systems. Python is preferred for automation scripts and penetration testing tools for several reasons: it is simpler, and more libraries are available. JavaScript is often employed in web attacks such as XSS and CSRF, because the use of JavaScript in web applications has risen (Thapa & Camtepe, 2021).

Knowledge of assembly language (ASM) is also important in the day-to-day activities of hackers who are involved in reverse analysis and exploits. Assembly provides detailed insight into the interaction of software with hardware, and hence is highly useful for creating detailed exploits at the code level and for understanding exploitable conditions (Murthy et al., 2020). In addition, there is the notion of ethical hacking, which means attempting to make systems more secure by challenging them through hacking or extensive programming. IT specialists such as penetration testers or ethical hackers use coding skills when developing applications, writing scripts, designing tools, and working through the challenges they face. Their aim is to mitigate threats by assessing and controlling potential risks to the systems before their implementation (Ghelani et al., 2022).



Task 5

Python is a high-level interpreted language common among programmers due to its clear code and versatility, and it can be used for a wide variety of tasks. Because of its simple syntax, basic commands, and available libraries, it is used in areas such as websites, data and intelligence work, calculations, and scripting, among others. Python provides tools such as Scapy, Requests, and Beautiful Soup for carrying out penetration tests and analysing networks for vulnerabilities, which makes it well suited to this area (Gupta et al., 2020).

On the other hand, there have also been articles presenting Python in a negative light, since malicious hackers have used it for some of their mischief. One well-known use of the language is to create malware, write scripts that are dangerous to computer systems, and automate attacks, because it is straightforward to develop something using Python. For example, PyInstaller is a plugin that helps convert Python scripts into executable programs. Py2Exe is likewise a plugin that converts a script written in Python into a Windows executable format. Finally, PyTroj is a toolkit that helps to develop Python trojans. Likewise, the Python-based Metasploit and Scapy are among the frameworks commonly used by intruders for cyber attacks (Murthy et al., 2020).

In summary, its prevalence and versatility mean that Python is in demand not only among legitimate hackers, who use the language for pen-testing and code analysis, but also among illicit users of hacker tools, who employ it to design malicious creations and commit cyber offences.



References

Ali, B., Gregory, M. A., & Li, S. (2021). Multi-access edge computing architecture, data security and privacy: A review. IEEE Access, 9, 18706-18721.

Ghelani, D., Hua, T. K., & Koduru, S. K. R. (2022). Cyber security threats, vulnerabilities, and security solutions models in banking. Authorea Preprints.

Gupta, B. B., Perez, G. M., Agrawal, D. P., & Gupta, D. (2020). Handbook of computer networks and cyber security. Springer, 10, 978-3.

Murthy, C. V. B., Shri, M. L., Kadry, S., & Lim, S. (2020). Blockchain based cloud computing: Architecture and research challenges. IEEE Access, 8, 205190-205205.

Sandhu, A. K. (2021). Big data with cloud computing: Discussions and challenges. Big Data Mining and Analytics, 5(1), 32-40.

Thapa, C., & Camtepe, S. (2021). Precision health data: Requirements, challenges and existing techniques for data security and privacy. Computers in Biology and Medicine, 129, 104130.
