Database Vulnerability Assessments are integral to a systematic and proactive approach to database security. This form of penetration testing reduces the risk associated with both web- and database-specific attacks and is often required for compliance with relevant standards, laws & regulations.
The methodology typically includes:
-
- Leveraging an open-source or commercial database vulnerability assessment tool to discover known database security vulnerabilities; and,
- Formal reporting on the process, gap analysis, relevant findings, and mitigation roadmap. Where possible the report will also include; root cause analysis, peer-group benchmarking, good practice benchmarking, executive summaries, and technical summaries
.
-
- Quickly identify configuration errors, default settings, coding errors, and patch management issues in an automated manner in an economical fashion;
- Capable of being run on automated, regular basis to provide baseline and ongoing vulnerability management metrics; and,
- Can be used to focus other database assessment activities on those areas of greatest concern
.
As a quick and inexpensive means of assessing the risk associated with a database that is in operation but has not (recently) gone through a broader database security assessment;
As part of an ongoing vulnerability/configuration management program, especially in support of demonstration of ongoing compliance with relevant standards/regulations;
To assess less critical databases (i.e., databases with a moderate risk profile where the risk does not justify greater extent and rigor; and,
As an information gathering mechanism to focus penetration testing or code reviews.
Because Database Vulnerability Assessments are fully “tool-based,” manual review of the findings by someone well versed in database security is usually necessary to optimally leverage the output. Contact Pivot Point to learn how our experts can help secure your company’s data.