DATABASE PEN TESTING

DATABASE PEN TESTING

Databases hold valuable business assets such as sensitive customer data, payment card details, product and pricing data, employee records, blueprints, intellectual property and supplier information. These data shouldn’t end up in the wrong hands or be compromised in other ways. it can cause you to be left facing financial and reputational damages.

Database Penetration testing should ideally be conducted on a regular basis and not just at the point of going live with a new database.

The information contained within these databases is not only critical from a confidentiality, integrity and availability perspective but is essential to the company’s ability to operate as a going concern and requires specialist knowledge to identify the risks associated with a data breach.

SERVICES OFFERED INCLUDE

The main target of database security testing is to find out vulnerabilities in a system and to determine whether its data and resources are protected from potential intruders. Security testing defines a way to identify potential vulnerabilities effectively, when performed regularly.

Given below are the primary objectives of performing database security testing

  • Authentication
  • Authorization
  • Confidentiality
  • Availability
  • Integrity
  • Resilience

OUR APPROACH

We perform Black Box and White Box database penetration testing.

  • Authorization control
  • Access control – connection verification
  • Password Policy
  • Configuration management
  • Verifying the secure connections
  • Access control – request verification
  • Privileges and Roles
  • User Account Management
  • Verifying the security plugins
  • Auditing
  • Intrusive attacks to find database leaks

We follow owasp standard while pen testing and auditing database security.

Features of our Database Security Testing

  • Customer driven
  • Assists in understanding how security measures compare to standards and compliance e.g. PCI, SOX
  • Enables more informed decisions to be made when managing the company's exposure to threats
  • Provides recommendations for reducing exposure to currently identified security risks
  • Business and technically focussed report
  • Non-intrusive processing
  • Provides demonstrable segregation of duties
  • Assessments have a named consultant appointed for the duration of the assignment
  • Follows proven best practices
  • Can be performed without the need for consultants to be onsite
  • No requirement for remote access
  • Can be performed on a production database during normal operation
  • Tamper detection

DELIVERABLES | WHAT DO YOU GET?

1. Security Lock

2. We will provide 2 reports for every scan performed

Detailed Report – This is a technical report after completion of the pen test. The report will highlight the weaknesses in the Web Application that affect the availability, reliability and integrity of information assets. It will also provide the solutions for covering each identified risk. This report will contain the following:

1. Categorization of weaknesses based on risk level

2. Details of security holes discovered

3. Emergency quick-fix solution for discovered vulnerabilities

Executive Report – It gives the bird eye view for the complete assessment done which contains overall details of the identified vulnerabilities, operational impact of each vulnerability, potential financial impact along with the criticality of the identified gap. It also gives suggested priorities for the patch work.

  • WHAT DO WE PROMISE?

    Secugenius employs a wide variety of tools and techniques to carry out penetration testing. Each and every test is carried out by skilled security testers and the results are manually verified before communicating to you. The end result is you get comprehensive and accurate understanding of your security posture and can immediately take mitigating steps for closing any identified weakness.