The Threat: Database Security Risks
- Could an attacker steal credit card and customer details from your database?
- Is your database vulnerable to SQL injection?
- Can anyone - or anything - execute arbitrary commands on your database?
- Can just anyone assume a DBA role on your database?
- Is your Oracle Listener Service listening to everybody?
- Is your sensitive data encrypted in transit and in the database as required by PCI?
How do you answer these questions?
The Issues: Why Do I Need Database Security Testing?
Database servers often hold some of your organisation's most sensitive and valuable information, such as financial and credit
card data, customer or supplier details, or employee records. These servers can be seen as the "crown jewels" of your organisation - the
impact in terms of reputation and cost could be significant should such information get into the wrong hands.
You may already undertake regular web application tests, which help protect against remote attacks against the databases behind your web
applications. That's essential work. However, there's a bigger threat to your databases: the people who steal information and
commit fraud are often internal to an organisation or its business partners.
Of course you'd expect every organisation to have its crown jewels safely locked up against any source of attack. Yet we often find
that this is not the case. Database servers advertise themselves on internal networks, sometimes with default passwords and unencrypted
data, providing attackers with an open back door. Insiders can steal company secrets, intellectual property or credit card details right
off your network, making it critical to test the security of your databases from inside the organisation.
The Solution: A Database Penetration Test & Security Audit
No matter how careful you are, the only way to be certain that your databases are as secure as possible is to have them
independently tested. Professional penetration tests should be conducted before a database goes "live", whenever you make any
significant changes, and on a regular basis (at least annually). By engaging skilled testers, you can ensure that new vulnerabilities
are exposed and fixed before the bad guys exploit them.
This is where we come in...
Our database security testing and audit services are conducted by skilled professionals using best practice and our own proprietary testing techniques.
The types of test we can conduct include:
- External Testing: can be conducted via your web application.
- Database Audit: this is a full review using legitimate credentials you have provided for us and employing tools and techniques that are appropriate to the devices and products in use. We can also review your database account and access control policies (normally via an on-site meeting with a DBA), and associated security countermeasures against industry best practice. The test report consists of the audit findings and the results of the on-site discussion.
- Database Penetration Test: using a variety of tools, the goal of this exercise is to gain access to the database and, if possible, gain administrative control over the database.
- Authenticated Server Audit: this examines server operating system patch levels, vulnerabilities associated with running services, best practice for server build standards and security policy settings.
- Datastream Analysis: looks at the SQL datastream between the application and database.
At First Base Technologies we pride ourselves on being with you every step of the way in securing your databases from attack.
Please note that your associated infrastructure should also be subject to regular penetration tests to maintain a good level of assurance.
Phone Andy on +44 (0)1273 45 45 25