
Archive for July, 2012

database-security

With hacktivist groups and nation-state attackers increasingly active, data breach incidents are once again hitting the industry headlines. Make sure you are well prepared, with preventive initiatives or systems in place, so that you do not become one of the organizations showcased in the media.

Below is a quick checklist to gauge how ready you are, or which initiatives you need to work on, as part of your overall database defense strategy or for your database security audit, risk and compliance management.

  1. Devise a Database Security Plan (scan with the latest database security scanner to learn your overall security posture in terms of database security risk; you can always contact an E-SPIN consultant for advice on this).
  2. Fix Default, Blank, and Weak Passwords (based on the database security scan and audit results).
  3. Regularly Patch Databases (based on the database security audit recommendations; cross-check with the database vendor whether an up-to-date security patch or fix is available).
  4. Minimize Attack Surface (based on the database security audit; follow its recommendations to make the recommended changes or adopt best practices).
  5. Review User Privileges (use the audit's user rights review to gain complete insight and detect abnormal user privileges; not all generic or open source database security scanners can perform this, so you need a purpose-built database scanner for an in-depth user rights review).
  6. Locate Sensitive Information (a purpose-built database security scanner will auto-discover which databases contain sensitive information and need special care due to regulatory compliance; with the market-leading commercial database security scanner E-SPIN represents, you can discover it on the fly).
  7. Encrypt Sensitive Data at Rest and In Motion (a good commercial database security scanner can advise, based on your scan results, what should be done or put in place to encrypt data in motion and data retained in the database or storage).
  8. Train and Enforce Corporate Best Practices (use the database security scan results and recommendations to work out standard operating procedures and best practices, or attend database security training, or subscribe to E-SPIN's tailor-made database security training class or workshop to gain first-hand experience in performing database security best practices).


E-SPIN Book Professional Reading on Database Security - Database Activity Monitoring, Database Vulnerability Assessment, Auditing and Scanning


If you want access to the full details of the topics above, please feel free to subscribe to our free newsletter and get access to the professional reading book on database security. The book covers database activity monitoring, database vulnerability assessment, auditing and scanning, and is absolutely free for subscribers.


Tenable SecurityCenter

Large enterprises, companies and organizations that use Tenable Network Security, because it helps address the threat of modern malware and the increasing prevalence of targeted attacks, stand to gain in a number of important ways. By using this solution, organizations can:

  • Reduce risk: common attack paths used by modern malware and targeted attackers can be identified and closed, thereby reducing the window of opportunity for hackers, spies, and thieves.

  • Reduce TCO: by proactively reducing the number of security incidents an organization has and improving operational efficiency. With Tenable there is no need to invest in separate attack path analysis or penetration testing tools.

  • Demonstrate compliance: administrators can fulfil and document adherence to policies, regulations, and requirements pertaining to access control, boundary defences, continuous monitoring, and truly effective vulnerability management.

 What are the Tenable Network Security Solution Benefits?

The Tenable Network Security solution has several compelling features and benefits, such as identifying vulnerabilities, translating them into risks, communicating the risks to management and the business, remediating key vulnerabilities, and monitoring status in a highly efficient way to fulfil current security and business needs. These benefits include:

  • Gathering valuable information, without disrupting the business – Tenable’s passive monitoring provides valuable real-time information, providing better situational intelligence without disrupting the organization.
  • Developing risk metrics – Using Tenable has allowed translating vulnerabilities into risks and developing quantifiable risk metrics that can be used by management.
  • Reporting capabilities – Tenable’s reporting capabilities enable vulnerabilities to be identified and quickly communicated to the right level in the organization. Reporting allows for prioritization of which vulnerabilities to remediate, and on what time frame.
  • Satisfying customers – Use of Tenable solutions enables companies and large corporations to easily and effectively satisfy their respective customers and clients.
  • Providing great flexibility – Nessus and the Passive Vulnerability Scanner provide the ability for users to write custom scripts or modify Tenable-provided scripts. This flexibility is extremely useful. In addition, Tenable is highly scalable, providing great flexibility in security measurement and increasing the efficiency and effectiveness of business operations.

 Where can I get the Tenable Network Security solution?

To purchase Tenable Network Security solutions and products: E-SPIN actively promotes the full range of Tenable Network Security products and technologies as part of the company's Vulnerability Management and Security Management solution portfolio, covering vulnerability assessment and unified security monitoring (USM): integrated vulnerability management, SIEM, and Compliance Management (http://www.e-spincorp.com/espinv3/index.php/tenable-network-security).

We also provide consulting, supply, training and maintenance for Tenable Network Security products to enterprise, government and military customers, and distribute and resell them as part of a complete package to other regions.

Customers range from universities, government and enterprise IT security professionals working on vulnerability assessment and penetration testing, to IT security companies performing security audits and running security operation centers (SOC) for SIEM, Compliance Management and Unified Security Monitoring, to cyber security, cyber warfare and military security defense operation centers performing unified security and operation monitoring.


vulnerabilities threats model

Today’s high-tech network security appliances do a great job of keeping vulnerability threats from invading your business. These threats can increase your level of vulnerability and penetrate your host systems and network assets to obtain confidential information, which is then used illegally for the attackers' own benefit.

Where do these vulnerabilities come from?

  1. USB thumb drives – The ubiquity of thumb drives has led hackers to develop targeted malware, such as the notorious Conficker worm, that can automatically execute upon connecting with a live USB port.
  2. Hardware, laptops and netbooks – With a handy Ethernet port for tapping directly into a network, a laptop may already have malicious code running in the background that is tasked to scour the network and find additional systems to infect.
  3. Wireless access points – Wireless APs provide immediate connectivity to any user within proximity of the network and are naturally insecure, regardless of whether encryption is used. Protocols such as wireless encryption protocol contain known vulnerabilities that are easily compromised with attack frameworks, such as Aircrack.
  4. Smartphones and other digital devices – Phones are full-functioning computers, complete with Wi-Fi connectivity, multithreaded operating systems, high storage capacity, high-resolution cameras and vast application support. However, these devices also have the potential to elude traditional data-leak prevention solutions.
  5. E-mail – E-mail carries messages with confidential information that can easily be forwarded to any external target, and e-mails themselves can carry nasty viruses. Targeted e-mails can also phish for access credentials from an employee; these stolen credentials would then be leveraged in a second-stage attack.

What can I do to combat these vulnerability threats?

To combat these harmful, dangerous, potential vulnerability threats, E-SPIN offers a comprehensive portfolio of Vulnerability Management, Risk Assessment and Compliance Assurance Solutions (http://www.e-spincorp.com/espinv3/index.php/solutions) to automate the process of vulnerability management and policy compliance across the enterprise, keeping your host systems and network assets safe and secure from these threats by:

  • Providing network and network security devices to secure laptops, netbooks, USB devices or any other digital devices
  • Server and system, OS, web application
  • Database and wireless access point
  • Mobile device discovery for smart phones and other digital devices.
  • Mapping, asset prioritization, vulnerability assessment reporting and remediation tracking accordingly to business risk
  • Policy compliance allows auditing, enforcing and documenting compliance with internal security policies and external regulations.

What are E-SPIN’s solution offerings and specialties?

  • Vulnerability Management, Vulnerability Assessment, Security Audit, Penetration Testing, Network Assessment, Network Device Audit, Web Application Audit, Database Security Audit, Wireless Network Assessment, Mobile Device Security Audit, Exploitation Management and Testing, Vulnerability Reporting
  • Automating Vulnerability Management, Enforcing IT Policy Compliance, in-depth and comprehensive reporting, best-of-breed industry de facto solutions, maintaining regulatory compliance, Automated and Advanced Exploitation Testing.


In today’s technology world, the need for database security has grown enormously. Data security has become essential for every individual who connects to and uses the internet daily to transfer data. It is a necessary requirement for every aspect of operations performed over the internet.

Database Security

Database security is the system that controls access to the database at a certain level. The privacy of data is at risk from unauthorized users, both external sources on the network and internal users within the company itself.

The following are the security risks that IT professionals should be aware of to protect their databases:

i) Privilege Abuse:

When database users are granted excessive privileges that exceed the requirements of their job, these privileges can be abused, deliberately or accidentally.

ii) Legitimate Privilege Abuse:

In this attack, a hacker with legitimate privileges to access the database may misuse the information stored in the database for their own purposes.

iii) Operating System vulnerabilities:

Here, the hacker exploits vulnerabilities in the operating system to gain unauthorized access to the database for malicious purposes.

iv) SQL Injection

SQL injection allows SQL queries to circumvent access controls, bypassing standard authentication and authorization checks, and can also grant access to host operating system level commands.

v) Lack of Audit Trails

When proof is weak, hackers can easily gain access to the database by assuming the identity of users through strategies such as social engineering and brute force.

To find an approach to addressing these security threats that can help your organization meet its database security, compliance and reporting needs, explore the information below:

Application Security, Inc. (AppSecInc) was founded in 2001 and is recognized for market-leading database security, risk, and compliance solutions for the enterprise. AppSecInc empowers organizations to protect their most critical database assets.

AppDetectivePro, the leading cross-platform solution for auditors and IT advisors, and DbProtect for the enterprise together deliver the industry’s most comprehensive database security solution.

For more information about AppSecInc – AppDetective Pro and how E-SPIN may consult and assist you with your database security requirements, please contact E-SPIN or go to http://e-spincorp.com/espinv3/index.php/application-security
