Most of the critical business data assets of any organization are located in databases, therefore hackers target them in order to gain access to confidential information.
However, most organization tend to manage databases as infrastructure rather than as an application (OSI layer 7) and therefore, all it takes is to get hold of user and password in order to gain access. From that point, critical information exposure, falsification or manipulation is made possible.
The vulnerabilities exposed in critical databases' audit, show IT personnel how important database security is and how meticulously it needs to be handled.
The audit objective is to discover of application level breaches in the database such as:
- Easy to crack usernames and passwords
- The ability of the users to promote their privilege
- Administrator privilege granted to users without any functional reason
The audit simulates database hacking from both external source (hacker) and an inside threat (unauthorized user) and doesn’t require any server side component installation.
The report, which is usually provided within a few days after the audit, includes detailed vulnerabilities' analysis and practical comprehensive recommendations to mitigate them which are prioritized based on the risk factor.
Supported databases: Oracle SQL, MS SQL, My SQL, Sybase, DB2 and more.
Threat sources: external (hackers or users without privilege access), internal (users with access privilege).