Database Pen Testing

Database Pen Testing

Databases hold valuable business assets such as sensitive customer data, payment card details, product and pricing data, employee records, blueprints, intellectual property and supplier information. These data shouldn't end up in the wrong hands or be compromised in other ways. it can cause you to be left facing financial and reputational damages.

Database Penetration testing should ideally be conducted on a regular basis and not just at the point of going live with a new database.

The information contained within these databases is not only critical from a confidentiality, integrity and availability perspective but is essential to the company's ability to operate as a going concern and requires specialist knowledge to identify the risks associated with a data breach.

SERVICES OFFERED INCLUDE

The main target of database security testing is to find out vulnerabilities in a system and to determine whether its data and resources are protected from potential intruders. Security testing defines a way to identify potential vulnerabilities effectively, when performed regularly.

Given below are the primary objectives of performing database security testing

Authentication
Authorization
Confidentiality
Availability
Integrity
Resilience


OUR APPROACH

We perform Black Box and White Box database penetration testing.

Authorization control
Access control - connection verification
Password Policy
Configuration management
Verifying the secure connections
Access control - request verification
Privileges and Roles
User Account Management
Verifying the security plugins
Auditing
Intrusive attacks to find database leaks

We follow owasp standard while pen testing and auditing database security.


Features of our Database Security Testing

1. Customer driven
2. Assists in understanding how security measures compare to standards and compliance e.g. PCI, SOX
3. Enables more informed decisions to be made when managing the company's exposure to threats
4. Provides recommendations for reducing exposure to currently identified security risks
5. Business and technically focussed report
6. Non-intrusive processing
7. Provides demonstrable segregation of duties
8. Assessments have a named consultant appointed for the duration of the assignment
9. Follows proven best practices
10. Can be performed without the need for consultants to be onsite
11. No requirement for remote access
12. Can be performed on a production database during normal operation
13. Tamper detection


DELIVERABLES | WHAT DO YOU GET?

1. Security Lock
2. We will provide 2 reports for every scan performed

Detailed Report – This is a technical report after completion of the pen test. The report will highlight the weaknesses in the Web Application that affect the availability, reliability and integrity of information assets. It will also provide the solutions for covering each identified risk. This report will contain the following:

1. Categorization of weaknesses based on risk level
2. Details of security holes discovered
3. Emergency quick-fix solution for discovered vulnerabilities

Executive Report – It gives the bird eye view for the complete assessment done which contains overall details of the identified vulnerabilities, operational impact of each vulnerability, potential financial impact along with the criticality of the identified gap. It also gives suggested priorities for the patch work.

Every man must have a philosophy of life, for everyone must have a standard by which to measure his conduct. And philosophy is nothing but a standard by which to measure.
- B. R. Ambedkar , Indian jurist
B. R. Ambedkar