DATABASE PENETRATION TESTING

Brisk Infosec’s Database Penetration testing is an integral approach which provides systematic and proactive security to the database. Brisk Infosec’s penetration testing reduces the risk associated with both web and database specific attacks and supports compliance with relevant standards, laws & regulations. We leverage an open-source or commercial database vulnerability assessment tool along with manual testing to discover known database security vulnerabilities.
The aim of Brisk Infosec’s database security testing is to prevent undesired information disclosure and modification of data while ensuring the availability of the necessary service.

The types of databases we test include:

1. SQL
2. MySQL
3. Oracle
4. Sybase
5. MongoDB
6. PostgreSQL

NEED

Databases hold valuable business assets such as sensitive customer data, payment card details, product and pricing data, employee records, blueprints, intellectual property and supplier information.

  • This data shouldn’t end up in the wrong hands or be compromised in other ways; that can leave you facing financial and reputational damage.
  • Database Penetration testing should ideally be conducted on a regular basis and not just at the point of going live with a new database.
  • The information contained within these databases is not only critical from a confidentiality, integrity and availability perspective but is essential to the company’s ability to operate as a going concern and requires specialist knowledge to identify the risks associated with a data breach.
  • Recent years have seen a marked increase in the number of reported cases of data repositories being targeted or, in the worst-case scenario, compromised.

METHODOLOGY


Brisk Infosec’s Database Penetration testing methodology is as follows:

  • We do Black Box and White Box database penetration testing.
    • Black box: the security test is done without a login, like an external attacker.
    • White box: the security test is done with the given credentials.
  • Authorization control
  • Access control – connection verification
  • Access control – request verification
  • Password Policy
  • Privileges and Roles
  • Configuration management
  • User Account Management
  • Verifying the secure connections
  • Verifying the security plugins
  • Auditing

STANDARDS

We follow the OWASP standards for Database Penetration testing.

BENEFITS

Helps to identify the security flaws in your database. Improves the security posture of your databases and enables you to identify issues in the confidentiality, integrity and availability of your database.

FAQ

When do we need to perform Database Penetration Testing?
Database Penetration Testing should ideally be conducted on a regular basis and not just at the point of going live with a new database. The information contained within these databases is critical from a confidentiality, integrity and availability perspective, and its compromise may completely damage an organisation’s reputation and finances.
Why do we need to perform Database Penetration Testing?
The ultimate goal of an attacker targeting your organisation is to acquire access to your databases storing critical business information. This is often achieved through an application defect or via direct network access. Therefore, a Database Penetration test is a must.
What types of database pen tests are performed?
The types of Database penetration tests we perform are:

  • SQL
  • MySQL
  • Oracle
  • Sybase
  • MongoDB
  • PostgreSQL

What phases does Brisk Infosec conduct in Database penetration testing?
The 3 key stages of testing that Brisk Infosec conduct are:

  • Enumeration
  • Exploitation
  • Remediation

What is Brisk Infosec’s perspective when performing a Database Pentest?

  • Attacks from authorised and unauthorised internal users
  • How securely the data is contained within the database (e.g. encryption methods/hashing techniques used for storing sensitive data)
  • Database hardening and security
