Database Pen Testing

Database Pen Testing

Database servers hold the heart of company’s assets such as the business critical and sensitive data. It can be either credit card details, or product and pricing data, engineering drawings, employee personal records or the supplier information. Loosing this data to preying hackers can cost financial and reputational losses to the firm.

Why database penetration testing (VAPT) is needed?

This is often an area of security that doesn’t receive the level of attention and focus that required. It can be due to incorrect security designing, or shear negligence from technical standpoint. It is often the case that the largest and most frequent threats to the integrity of this data come from within an organization or its associated companies.
Database penetration testing starts with vulnerability assessment, followed by detailed study of how the database can be hacked into. Such a testing should be done on a regular basis and not just at the point of going live with a new database.

Technical team at Valency Networks looks at security from a range of perspectives including:

• Attacks from authorized and non-authorized internal users
• How secure the data is contained within the database (e.g. encryption methods/hashing     techniques used for storing sensitive data)
• Database hardening and security

The 3 key stages of testing we conduct are :


• Enumeration

• Exploitation

• Remediation


The types of databases we test include :




• Oracle

• Sybase

• MongoDB

• PostGres