Question
You have been hired as a security professional for your company. You are to create and implement a white box informal database security testing schedule for the organization. Create a paper that addresses the following:
1. Create a table that includes a rotating schedule for the 12 months of security testing. Include columns that identify time estimations for each test listed.
2. Create a planning and preparation checklist common to all security tests as a whole.
3. Identify any special planning and preparation needed for each test.
4. Identify the scope for each test and identify any special considerations that need to be addressed.
5. Create a list of at least five testing activities for each audit.
6. Provide recommendations for securing the database that is unique to Oracle.
7. Provide recommendations for securing the database that is unique to MySQL.
8. Provide recommendations for securing the database that is unique to SQL Server.
Explanation / Answer
White box testing
It is the testing of the internal segments of an application (here, a database application), that is, the code segment and the infrastructure. Its main purpose is to strengthen security.
Rotating schedule for 2 months is as follows:
| S. No | Testing Type | Month | Time estimation (in days) | Description |
|---|---|---|---|---|
| 1 | Code Average Testing | Jan, Feb, March, April, May | 25, 20, 24, 15, 15 (total 99 days) | It determines how many lines of code are being tested. Statement coverage; Function coverage; Functional coverage; Branch coverage; Decision coverage |
| 2 | Security misconfiguration testing | June and July | 50 | This is done when the safeguards for the application are assembled incorrectly. It is done because unauthorized access occurs on default accounts. |
| 3 | XSS testing | August and September | 56 | This test is performed to find whether the attacker uses the application to send malicious code which is stored on the server. |
| 4 | Insecure direct object testing | October | 18 | This is done when a direct object reference occurs, that is, when a developer leaks a reference to an interior implementation object, like a database key, without authentication. |
| 5 | Penetration testing | November and December | 45 | This is the testing of computer networks, systems and applications to find vulnerabilities. |