As more organizations leverage the Internet for business and commercial transactions, attackers are focusing on database and web applications to penetrate corporate security controls. Historically, developers have focused on functionality over security, which has presented an entirely new avenue for attackers to launch exploits and compromise systems and information.
Databases frequently contain business-critical information such as customer names, company account information and credit card details. Over the last few years there has been an ever-increasing awareness that databases are being targeted by professional hackers for financial gain. Greater demands for 24-hour access to business applications by vendors, suppliers and customers have greatly increased the number of databases and the number of people and applications requiring access to the information contained within them. Databases are complex pieces of software with vulnerabilities which can be exploited by criminals who are determined to access your critical business information.
Service Description
Digivera's DVAudit-db database vulnerability assessment and compliance service provides a customized, extensive, impartial, and periodic security analysis of your database applications and servers. This service evaluates current security standards and levels of compliance to give organizations a well-developed matrix of existing threats, database application vulnerabilities, and real-world recommendations to address specific weaknesses. In addition, we use a library of proprietary tests and custom and commercially developed tools to check for vulnerabilities that cannot be identified through automated means.
The Digivera Advantages
Digivera's DVAudit-db services are performed only by experienced and credentialed professionals, most of whom are CISSPs, CISAs, Solutions Architects and database administrators. All this is put to work for you; we go beyond the basic database assessment to:
- Demonstrate due diligence for regulatory compliance (as applicable);
- Assure database and server systems are sufficiently hardened;
- Deliver actionable findings and strategic recommendations;
- Provide knowledge transfer to your internal security resources;
- Utilize a dedicated senior project team with global recognition in the security industry.
Service Benefits
Some organizations believe databases have security built in or are "good to go" out of the box. This is not usually the case. In fact, it is rarely true. Digivera's database administrators, security and solutions architects help put the security back into your database applications:
- Digivera does not use or rely on open source tools and scanners for database assessment scanning because of their relative immaturity. All our testing is performed via our automated On-Demand or Managed Service, which provides 100% testing coverage and accuracy and is backed by experienced security professionals.
- Digivera performs comprehensive threat analysis to identify key assets needing protection and defines security threats to those assets.
- Digivera will provide you with a detailed report on security vulnerabilities along with architectural and operational weaknesses identified. Our findings report also provides detailed explanations of countermeasures necessary to secure databases, data assets, and resources, and outlines policy recommendations to ensure long-term compliance with industry best practices.
Assessment Coverage Areas
- Database discovery (asset/inventory discovery)
- Support for all major database platforms (MySQL, Oracle, Sybase, IBM DB2, IBM DB2 on Mainframe, Microsoft SQL Server, Lotus Notes/Domino)
- Pinpoint database vulnerabilities via penetration testing (non-credentialed, outside-in scans, i.e. hacker's view)
- Database auditing (credentialed scans); job/scan scheduling
- Prioritize remediation activities
- Protect unpatched systems with real-time controls
- Harden databases
- Document and streamline compliance
- Insecure storage and transport
- Unvalidated input
- Buffer overflows
- Denial of service
Database Vulnerabilities
Database Server Vulnerabilities
At Digivera, we make security manageable.