The Database Security Checklist (DSC) is an important component of the application security management (ASM) plan. The DSC is a logical security model that integrates security policies with business logic. The model is used to determine the risks to a database and to guide the selection of recommended solutions for improving database security. The major components of the checklist are scanning, login, and test cases.
The most important part of the database security checklist is the database security scan. This step verifies that the application servers expose no known vulnerabilities to attack. It also identifies application servers with weakly protected login pages and weakly protected connections to database servers. It further verifies that all server groups are members of a trusted infrastructure.
The next section of the checklist requires auditing the database for problems. Database auditing checks for threats against the data encryption methods in use and against the implementation of smart card technology. It also checks for threats to access control lists (ACLs), permission assignments, and other security mechanisms. The checklist additionally requires auditing the application servers for enforcement of the security policy and of data encryption. Security audits may also be required to check for weak or hidden configuration files and for weakly protected stored procedures.
The next section of the checklist requires scanning the database environment used by application users. This section covers scanning of running processes, registry keys, and ActiveX controls. Additional scanning checks the application database for any embedded keys or references to external programs. Security audits may also be required to check password security and source code security. The database auditing process also detects application security flaws during the development of new software products.
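As an added example that is not part of the checklist text, the following Python script automates two of the audit items above: it flags a configuration file that is readable by group or others (a weakly protected configuration file), embedded credentials or keys, and references to external programs. The sample configuration, the list of secret-bearing key names, and the severity labels are constructed assumptions.

```python
import os
import re
import stat
import tempfile

# Constructed sample configuration file: it deliberately embeds a database
# password and an API key so the audit has something to report.
SAMPLE_CONFIG = """\
[database]
host = db.internal.example
user = app
password = s3cr3t-in-plaintext
api_key = AKIA-EXAMPLE-EMBEDDED-KEY
[paths]
external_tool = /usr/local/bin/report-export
"""

# Keys whose literal value indicates an embedded credential (assumed list).
SECRET_KEYS = re.compile(r"^\s*(password|passwd|secret|api_key|token)\s*=\s*(\S+)", re.I)
# Values that point at an external program the database layer would execute.
EXTERNAL_REF = re.compile(r"^\s*\w+\s*=\s*(/\S+|[A-Za-z]:\\\S+)\s*$")


def audit_config_file(path):
    """Return a list of (severity, message) findings for one configuration file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(("high", f"{path}: readable by group/others (mode {oct(mode)})"))
    with open(path, encoding="utf-8") as fh:
        for lineno, line in enumerate(fh, 1):
            m = SECRET_KEYS.match(line)
            if m:
                findings.append(("high", f"{path}:{lineno}: embedded credential in key '{m.group(1)}'"))
                continue
            if EXTERNAL_REF.match(line):
                findings.append(("medium", f"{path}:{lineno}: reference to external program"))
    return findings


def run_demo():
    """Write the constructed config with permissive mode 0644 and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "app.ini")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_CONFIG)
        os.chmod(path, 0o644)
        return audit_config_file(path)


if __name__ == "__main__":
    for severity, message in run_demo():
        print(f"[{severity}] {message}")
```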
The final section of the checklist is dedicated to file format checks. Scanning the database for security holes checks for corrupt DLL files, missing application files, null values in DLL files, missing information in DLL files, improper extension registration, and other database vulnerabilities. This step also checks file extension validity. A file that is not in the correct format and cannot be converted to the correct format will also cause database corruption.
The full database security template is designed to cover the various aspects of database security. Each section corresponds to a specific risk that a company faces with respect to its data or application. Scanning across the different web sites and scanning the actual application is good practice because it helps a company determine what kinds of threats it faces, which enables it to develop an effective strategy against them. Companies may also use different forms of protection depending on the kind of threat present. In general, the more threats a system faces, the more protection it needs.