Database Vulnerability Assessment

Databases represent organizations’ valuable information vaults, but the complexity of database functionality and the lack of technical awareness concerning database security, results in database applications being one of the most commonly misconfigured applications. A Database Vulnerability Assessment discovers database applications within your infrastructure and then assesses their security strength.

During a Database Vulnerability Assessment, which is almost always performed in conjunction with an Internal Network Vulnerability Assessment, the lead Networks Unlimited Security Auditor assigned to your project performs testing in three phases. If needed, he first discovers the database applications within your infrastructure, using a specialized database vulnerability scanning and assessment tool. A Penetration Test is then conducted, generally on a sample of your databases. The tool is initially configured to run without the benefit of a database account and attempts to access the selected databases using information the databases supply.

Once the Penetration Test phase is complete, a Security Audit is performed. For this phase, the tool is configured to access the databases in the security context of a database administrator or SA account. This approach provides actionable information on inherent vulnerabilities and database configuration elements which cause your databases to be vulnerable to attack, or fail to comply with your information security policy.

The Security Auditors detail application and technical security issues and include recommendations to resolve issues. An important task completed during this phase is the identification and documentation of false positive results. The deliverable is reviewed and checked by multiple members of the project team. Every project team has at least one Security Auditor with a Certified Information Systems Security Professional (CISSP) certification and one Security Auditor with a Certified Information Systems Auditor (CISA) certification.

You’ll receive a comprehensive report in both hardcopy and electronic form, that outlines all vulnerabilities, prioritizes them by risk level, and explains how to remediate each problem. Actual scripts generated by the database vulnerability scanning and assessment tool are provided to ease the effort of fixing security holes and misconfigurations. The Vulnerability Assessment findings are presented and reviewed with you and your designated personnel to ensure they are well understood.

Using Networks Unlimited Database Vulnerability Assessment Services, your IT staff can proactively secure your database applications without investing in expensive security tools and training, or devoting hours to scanning, testing, checking for false positive results, reporting, or maintaining expensive information security experts on staff.

Recent Articles:

Healthcare Info Security: Inside An Internet Risk Audit

Network World: Inside A Data Leak Audit

CPA Firm's Client Data Isn't As Secure As They Think

Networks Unlimited, Inc. | 877-210-8885 | audrey@networksunlimited.com
Security Audits | Solutions & Support | Privacy Regulations | Security Articles | Company | Contact Us | Home
Copyright 2010-12 Networks Unlimited, Inc.