| DBSecWorx |
Security Code Review |
|
|
Home /
Services /
Code Review |
|
|
| |
Contemporary development environments, with Agile and DevOps, often release code as often as every few days.
Development teams perform an internal code review for stability and performance ... but they do not have expertise in database security and often miss code that could be exploited in an attack.
Even your own DBA team has little, if any, ability to examine code for vulnerabilities. Penetration tests can help but how often do you run pen-tests versus how often do you release code to production?
The solution to the challenge is not to hire an expensive FTE. The solution is to leverage a subject matter expert that can quickly review the code and coding practices for security weaknesses before the code is promoted from Dev to Test.
At DBSecWorx
we have internationally recognized experts in SQL and PL/SQL that can quickly provide an independent assessment of security related issues that would likely slip through an internal code review. Here are a few examples of things we look for:
- Use of excessive privileges
- Implicit use of NLS session parameters caused by a conversion to a CHAR or VARCHAR type
- Objects with incomplete exception handling
- Statements that are subject to SQL Injection
- Statements that can result in an internal created DDOS attack
- Code found with google and copied from malicious websites
- Password exposure
- Exposure of PII, PHI, PCI, and other sensitive data
- Failure to restrict access with Row Level Security
Contact us to find more about how this valuable service can affordably provide you with the due diligence you need to protect your data and your databases. |
|
|
|
| |
| DBSecWorx secures data and databases |
| |
Copyright © 2019-2022 DBSecWorx All rights reserved.
|
|