Tightening database security to maintain members’ trust in services

It takes a long time to build a reputation in business – but only a single security incident to put that reputation at risk. Our client wanted to protect the excellent reputation it had built up among its members in the global maritime community over many years. The organisation asked us to assess its SID Oracle database (via VPN) to identify any vulnerabilities or misconfigurations that might make the database vulnerable in the event of malicious attacks by insiders.

Our IT security assessment showed that the database’s security was weak, with most of the issues relating to misconfigurations at the database level. For example, some of the database accounts used default credentials, which could help an attacker gain access to the database and then view and change its configuration. We also found that the database stored passwords in clear text, allowing any attacker who gained access to compromise both data and applications. In addition, many of the user accounts had excessive privileges, whereas industry-standard security practice is to grant only the minimum privileges necessary. Besides the configuration issues, we found that a number of critical security patches were missing, leaving the database vulnerable to attack if a breach occurred.

We kept our client informed about the vulnerabilities we found during our assessment, explained the nature of the risk they created and provided recommendations on how to resolve them. By securing the database and associated applications efficiently, our client was able to take action to maintain the high levels of trust in its services it had earned among its members.

If your business requires a vulnerability assessment, speak to one of our penetration testers today or read more about our technical security and penetration testing capabilities. 

If you would like to develop your own knowledge and skills in the latest information security testing techniques, find out about our range of expert-led cyber security training courses.