DatabaseManagement Systems (DBMSs) provide access con- trol mechanisms that allow database administrators (DBA) to grant application programs access privileges to databases. However, securing the database alone is not enough, as at- tackers aiming at stealing data can take advantage of vul- nerabilities in the privileged applications and make applica- tions to issue malicious database queries. Therefore, even though the access control mechanism can prevent applica- tion programs from accessing the data to which the pro- grams are not authorized, it is unable to prevent misuse of the data to which application programs are authorized for access. Hence, we need a mechanism able to detect mali- cious behavior resulting from previously authorized applica- tions. In this paper, we design and implement an anomaly detection mechanism, DetAnom, that creates a profile of the application program which can succinctly represent the ap- plication's normal behavior in terms of its interaction (i.e., submission of SQL queries) with the database. For each query, the profile keeps a signature and also the correspond- ing constraints that the application program must satisfy to submit that query. Later in the detection phase, whenever the application issues a query, the corresponding signature and constraints are checked against the current context of the application. If there is a mismatch, the query is marked as anomalous. The main advantage of our anomaly detection mechanism is that we need neither any previous knowledge of application vulnerabilities nor any example of possible at- tacks to build the application profiles. As a result, our De- tAnom mechanism is able to protect the data from attacks tailored to database applications such as code modification attacks, SQL injections, and also from other data-centric attacks as well. We have implemented our mechanism with a software testing technique called concolic testing and the PostgreSQL DBMS. Experimental results show that our pro-filing technique is close to accurate, and requires acceptable amount of time, and that the detection mechanism incurs low run-time overhead.