First Base Technologies

Contact Us
Phone 01273 454525
email

Oracle & Relational Database Penetration Testing & Audit Services



The Threat: Database Security Risks
  • Could an attacker steal credit card and customer details from your database?
  • Is your database vulnerable to SQL injection?
  • Can anyone - or anything - execute arbitrary commands on your database?
  • Can just anyone assume a DBA role on your database?
  • Is your Oracle Listener Service listening to everybody?
  • Is your sensitive data encrypted in transit and in the database as required by PCI?
How do you answer these questions?

The Solution: A Database Penetration Test


Why Do I Need Database Security Testing?

Database servers often hold some of your organisation's most sensitive and valuable information, such as financial and credit card data, customer or supplier details, or employee records. These servers can be seen as the "crown jewels" of your organisation - the impact in terms of reputation and cost could be significant should such information get into the wrong hands.

You may already undertake regular web application tests, which help protect against remote attacks against the databases behind your web applications. That's essential work. However, there's a bigger threat to your databases - the people that steal information and commit fraud are often internal to an organisation or its business partners.

Of course you'd expect every organisation to have its crown jewels safely locked up against any source of attack. Yet we often find that this is not the case. Database servers advertise themselves on internal networks, sometimes with default passwords and unencrypted data, providing attackers with an open back door. Insiders can steal company secrets, intellectual property or credit card details right off your network, making it critical to test the security of your databases from inside the organisation.

No matter how careful you are, the only way that you'll be certain that your databases are as secure as possible is to have them independently tested. Professional penetration tests should be conducted before a database goes "live" and whenever you make any significant changes and on a regular basis (at least annually). By engaging skilled testers, you can ensure that new vulnerabilities are exposed and fixed before the bad guys exploit them.


Database Security Test Methodology

Our database security testing and audit services are conducted by skilled professionals using the latest tools, best practice and our own proprietary testing techniques.

  • The database security health check includes the Oracle database, the operating system on which the database is running and the database listener and Oracle networking.
  • The review consists of a number of phases:
  • Information gathering via interview and questionnaire
  • Data gathering using custom scripts, tools and manual access
  • Detailed analysis of the data gathered
  • Production of a detailed management summary
  • Production of a detailed summary of every issue located


Hover over each segment of the diagram below to read about each stage of the testing process.

At First Base Technologies we pride ourselves in being with you every step of the way in securing your databases from attack.

More Information

You can read our FAQ on penetration testing and vulnerability analysis here

See what our clients say about us here


Contact Us
+44 (0)1273 45 45 25

CREST


ISO 27001


ISO 9001


CREST Cyber Essentials

E&OE
© 2001-2015 First Base Technologies LLP - All Rights Reserved.
First Base Technologies LLP is a limited liability partnership registered in England & Wales, number: OC352070
Website designed and mastered by
didilogix


W3 Org says this page is HTML 4.01 compliant