Database Auditing

Companies store their critical data in databases, and conducting a comprehensive assessment can be a complex task, requiring specialist knowledge and skills. Matta has experience in testing different types of databases, and to varying degrees of depth. Three levels of testing Typically during an internal network-based assessment, if a database is encountered, it is standard practice to ensure the basic configuration of that database is secure. This will include tests to ensure the database is patched and up to date, as well as tests for password weaknesses, and default settings.

However, if a greater level of assurance is required - as is often the case when the nature of the data stored is considered, then a deeper level of testing is necessary. The exact details of each level can be discussed with your Matta Account Manager, but in brief the levels can be described as:

• Level 1 - network based tests, checks default passwords, patch levels, etc
• Level 2 - as above, but also reviews DB config in line with security best practices
• Level 3 - adds architecture and schema review, encryption implementation, etc

Databases often hold your most important data, so ensuring they are secured should be a top priority