Database Security Reviews

We offer database security reviews for all major database vendors, including Microsoft SQL Server, MySQL Server, Oracle and many more.

A misconfigured database can leave the server itself vulnerable to attack, or the data contained within the database at risk.

Even with a fully patched and well configured server operating system, a misconfigured database could leave the server itself exposed to attack, or expose the data the database contains.

A database review assesses the configuration of the database server operating system, the server software and the configuration of the database and its settings against industry benchmarks. 

Typical database reviews include:

  • Software version and patch checking
  • User permission and privileges
  • Password policies
  • Event auditing and logging
  • Stored procedure security
  • Data storage encryption
  • Service permissions

A database review can provide assurance that the database systems and security controls tested have been configured in accordance with best security practice and that there are no common or publicly known vulnerabilities in the target database at the time of the test. If vulnerabilities are found, these can be rectified before an attack or security breach occurs.

Testing will enable you to:

  • Manage vulnerabilities
  • Create build documents to address configuration issues in future deployments
  • Avoid extra cost and reputation damage from a security breach
  • Provide evidence of compliance with regulatory and certification standards
  • Provide assurance to customers and suppliers that their data is secure

Database reviews typically all cover the same key security controls.

Database reviews are conducted by logging into the database with credentials and reviewing settings against industry security benchmarks.

We can provide reviews for all the major database vendors such as:

  • Microsoft SQL Server
  • MySQL Server
  • Oracle
  • IBM DB2
  • PostgreSQL
  • MongoDB
  • MariaDB

We recommend that the server operating system is reviewed as well as the database; this ensures all areas of risk are covered for complete assurance.

Armadillo Sec are a CREST certified testing body and we are accredited to operate as a CHECK service provider. All of our testers are certified by CREST and our senior consultants are certified by CREST to the highest CCT Level. Our testers are also CHECK Team Leaders (CTLs) or CHECK Team Members (CTMs) and are approved to conduct government CHECK testing.

Our team have many years' experience conducting a broad range of government and commercial tests and always aim to go the extra mile for our customers.

Accredited Company
Certified Testers
Security Cleared Staff
No Cancellation Fees
Report Walk Through

Frequently Asked Questions

A typical penetration test normally targets a group of systems, operating system configurations or applications, and does not always include the detailed configuration build review of the database itself that a database review provides.

Even with a fully patched and well configured server operating system, a misconfigured database could leave the server itself exposed to attack, or expose the data the database contains.

All our testers are certified by CREST and our senior consultants are certified by CREST to the highest CCT level.

CREST Certifications (Certified Testers):

  • Practitioner Security Analysts - Yes
  • Registered Penetration Testers - Yes
  • Certified Web Application Testers - Yes
  • Certified Infrastructure Testers - Yes

Our CREST member status, along with the certified tester types we have, can be viewed at the link below:

http://www.crest-approved.org/membercompanies/armadillo-sec-ltd


Our testers are also CHECK Team Leaders (CTLs) or CHECK Team Members (CTMs) and are approved to conduct government CHECK testing.

CHECK Status (Certified Testers):

  • CHECK Team Member (CTM) - Yes
  • CHECK Team Leader (CTL) - Infrastructure - Yes
  • CHECK Team Leader (CTL) - Applications - Yes

Our CHECK status can be viewed at the link below:

https://www.ncsc.gov.uk/professional-service/armadillo-sec-ltd-check-service

It is recommended that database reviews or testing be conducted annually, as cyber threats are constantly evolving.

If major changes are made to the database servers, then it is recommended that additional testing is conducted. This ensures that any recent changes are not introducing new vulnerabilities into the environment.

Some certifications, such as ISO 27001 or PCI DSS, require a certain frequency of testing to remain compliant.

Database review prices are based on the number of servers and databases to be reviewed, so there is no off-the-shelf price for a database review.

For each project we will technically scope your requirements and establish the time needed to complete the work. We will then provide a detailed proposal and breakdown of costs and options.

We supply a full database review report, which covers the following:

  • Executive management summary - Non-technical overview of issues for management board level
  • Detailed technical findings - A complete list of all issues identified
  • Affected hosts - A list of all hosts affected, including the associated network port
  • Affected database - A list of all databases affected, including any associated tables
  • Risk level - Impact, likelihood and overall risk ratings are listed for each issue
  • Examples - Output or screenshots to demonstrate the issue
  • Recommendations - Recommendations of how to remediate the issues, including any reference to documents that can assist

A sample report can be supplied upon request.

We have a full methodology for all testing services we provide, which is supplied with each project proposal. This outlines the testing steps and all the requirements in order to deliver the test.
