Question: How do I prepare a database audit? I need to regularly review database security and configurations.
Answer: In summary, a database audit is made up of SELECT statements which report database security details: for example, who has access to a sensitive stored procedure which displays customer financial details, or a database configuration which exposes the database to the risk of being dropped.
Much of the skill in writing a set of SELECT statements for database details lies in the preparation.
Use this list as a guide to structure the database audit:
1) Do you understand the applications?
3) Inventory of server hosts
4) Prepare SELECT privileges on the tables
5) Execute the SELECT statements and gather the information
6) Do you understand potential vulnerabilities, such as SQL injection or buffer overflow?
7) Dangers of elevated privileges
8) Dangers of null passwords
9) Knowledge of the network infrastructure
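
As an added illustration (not part of the original answer), here is what a few of these audit SELECT statements can look like for the stored procedure access, elevated privilege and null password items above. The answer does not name a database platform; this sketch assumes Microsoft SQL Server and its catalog views, and assumes the auditing login has enough rights (CONTROL SERVER) to read password hashes.

```sql
-- Added example; assumes Microsoft SQL Server. Run in each database under audit.

-- Explicit EXECUTE permissions on stored procedures in the current database.
-- Schema-level or database-level grants and role membership can also give
-- access, so read this together with the role queries below.
SELECT pr.name                  AS principal_name,
       pr.type_desc             AS principal_type,
       SCHEMA_NAME(o.schema_id) AS schema_name,
       o.name                   AS procedure_name,
       pe.state_desc            AS permission_state
FROM sys.database_permissions AS pe
JOIN sys.objects              AS o  ON o.object_id     = pe.major_id
JOIN sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1              -- object-level permission
  AND o.type = 'P'              -- stored procedure
  AND pe.permission_name = 'EXECUTE'
ORDER BY procedure_name, principal_name;

-- Elevated privileges: members of every server role (sysadmin and others).
SELECT r.name AS server_role,
       m.name AS member_name,
       m.type_desc,
       m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
ORDER BY server_role, member_name;

-- Members of db_owner, who are able to drop the current database.
SELECT m.name AS member_name, m.type_desc
FROM sys.database_role_members AS rm
JOIN sys.database_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'db_owner';

-- SQL logins whose password is blank.
SELECT name, is_disabled, is_policy_checked
FROM sys.sql_logins
WHERE PWDCOMPARE('', password_hash) = 1;
```

Saving the output of each run makes it possible to compare one audit against the next and spot new grants or role members.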