atreya Limited offers a complete Database Security Assessment Service (DSAS) to businesses that rely on the security of the information held within their databases or have concerns relating to the security compliance of these databases.
The security efforts of many organisations are frequently focused on host based security measures often overlooking the security of the database. The information contained within these databases is not only critical from a confidentiality, integrity and availability perspective but is essential to the company's ability to operate as a going concern and requires specialist knowledge to identify the risks associated with a data breach. Recent years has seen a marked increase in the number of reported cases of data repositories being targeted or, in the worst case scenario, compromised. Contrary to popular belief it is not always the value of the compromised data that is the primary consideration indeed in many cases it has been the damage to the reputation of the company that has caused the greatest embarrassment and proven the most difficult to re-establish.
The DSAS service delivers a documented, comprehensive and in-depth analysis of the current security posture of existing relational databases. The report not only contains technical recommendations that can be action by database administrators but provides the primary audience of Security Managers, Auditors, Compliance Officers and members of the senior management team with sufficient information to make informed decisions that will improve the security of existing databases. In turn this will assist in ensuring that security budget is spent wisely and efficiently.
The OWASP Top 10 is a strong starting point for web application testing, but organizations should really look to go beyond this. The underlying application logic needs to be tested. Websites need to be assessed with different classes of users, to ensure that appropriate partitioning and access controls exist. Content Management Systems (CMS) and administrative functions should be assessed and a series of broader controls should be reviewed and tested.
Aatreya has tested a vast range of applications, from internal applications to external applications delivered over the internet and by mobile/cell phone.
Copyright (c) 2016 aatreya technologies. All rights reserved.