PrepAway - Latest Free Exam Questions & Answers

The two most common forms of attacks against databases are…

The two most common forms of attacks against databases are

A. Injection and scripting

B. Session hijacking and cookie poisoning

C. Aggregation and inference

D. Bypassing authentication and insecure cryptography

Explanation:
C: Aggregation is the ability to combine nonsensitive data from separate sources to create sensitive information. For example, a user takes two or more unclassified pieces of data and combines them to form a classified piece of data that then becomes unauthorized for that user. Thus, the combined data sensitivity can be greater than the classification of individual parts. Inference is the ability to deduce (infer) sensitive or restricted information from observing available information. Essentially, users may be able to determine unauthorized information from what information they can access and may never need to directly access unauthorized data. For example, if a user is reviewing authorized information about patients, such as the medications they have been prescribed, the user may be able to determine the illness. Inference is one of the hardest threats to control. All of the other attacks are primarily attacks on Web applications. Pages 245-246.

One Comment on “The two most common forms of attacks against databases are…”

  1. joe says:

    Aggregation is the ability to combine nonsensitive data from separate sources to create sensitive information. For example, a user takes two or more unclassified pieces of data and combines them to form a classified piece of data that then becomes unauthorized for that user. Thus, the combined data sensitivity can be greater than the classification of individual parts. Inference is the ability to deduce (infer) sensitive or restricted information from observing available information. Essentially, users may be able to determine unauthorized information from what information they can access and may never need to directly access unauthorized data. For example, if a user is reviewing authorized information about patients, such as the medications they have been prescribed, the user may be able to determine the illness. Inference is one of the hardest threats to control. All of the other attacks are primarily attacks on Web applications.



