Security Assessment

The application system is a client-server application. The clients run on Windows XP and the database server is on Oracle 9i. What are the security checklists to assess the application and the security checklist for the database?
The objective is to assess the security of the application, and whether there are vulnerabilities.
Can someone point me to both of the checklists?

ArifnorAsked:
 
ArifnorAuthor Commented:
Hi Sarang,

Your lists are good, but it would be better if you could add a few more checklists (even a generic one will be fine) on application security (what are the security functionalities that must be there at the client & the server) & also an Oracle security checklist.

I am waiting for your response. Thanks.
0
 
sarangk_14Commented:
Hi,

I have included the oracle checklists (last 2 items) in my previous post.
Can you provide more details on the platform used for the application?
0

 
ArifnorAuthor Commented:
Hi,
The client platform is on Windows XP, the database server is Oracle 9i running on top of HP-UX 11, and the domain servers are running on Windows 2003.
BTW, I cannot access cissecurity, as I am not a member. Can you pass those documents to me :-)?

Hope to get a positive response, especially the cissecurity documents.
0
 
sarangk_14Commented:
Well, the membership to CIS is free, you just need to register on the web-site.
0
 
sarangk_14Commented:
A small correction, the membership is not free, but you can register on the links page and download the documents free of cost.
0
 
ArifnorAuthor Commented:
Thanks Sarang,

Any last advice from you in terms of security assessment before I close the question and accept it as a solution? Especially on HP-UX & Oracle.
0
 
sarangk_14Commented:
Visit the NIST NVD (National Vulnerability Database) for more guidance on DBs and O/Ss.
For App Sec purposes, OWASP and SANS websites can be life-savers.
http://nvd.nist.gov/
www.owasp.org/
http://www.sans-ssi.org/

Warm regards,
Sarang
0
 
ArifnorAuthor Commented:
Excellent resource link for everyone.
0
Question has a verified solution.
