Why Do I Need Database Security Testing?
Database servers often hold some of your organisation's most sensitive and valuable
information, such as financial and credit card data, customer or supplier details, or employee records. These
servers can be seen as the "crown jewels" of your organisation - the impact in terms of reputation
and cost could be significant should such information get into the wrong hands.
You may already undertake regular web application tests, which help protect against remote
attacks against the databases behind your web applications. That's essential work. However, there's a bigger
threat to your databases - the people that steal information and commit fraud are often internal to an organisation
or its business partners.
Of course you'd expect every organisation to have its crown jewels safely locked up against
any source of attack. Yet we often find that this is not the case. Database servers advertise themselves on internal
networks, sometimes with default passwords and unencrypted data, providing attackers with an open back door. Insiders can
steal company secrets, intellectual property or credit card details right off your network, making it critical to test
the security of your databases from inside the organisation.
No matter how careful you are, the only way that you'll be certain that your databases are
as secure as possible is to have them independently tested. Professional penetration tests should be conducted before a
database goes "live" and whenever you make any significant changes and on a regular basis (at least annually).
By engaging skilled testers, you can ensure that new vulnerabilities are exposed and fixed before the bad guys exploit them.
Database Security Test Methodology
Our database security testing and audit services are conducted by skilled professionals
using the latest tools, best practice and our own proprietary testing techniques.
- The database security health check includes the Oracle database, the operating system on which the
database is running and the database listener and Oracle networking.
- The review consists of a number of phases:
- Information gathering via interview and questionnaire
- Data gathering using custom scripts, tools and manual access
- Detailed analysis of the data gathered
- Production of a detailed management summary
- Production of a detailed summary of every issue located
At First Base Technologies we pride ourselves in being with you every step of the way in securing your databases from attack.