PostgreSQL is commonly found in both large, high-availability applications and smaller web-based applications. It is more often found in applications based on the Django framework. PostgreSQL provides extensive security functionality, but this often goes unused. Mandalorian’s PostgreSQL Security Review service provides a comprehensive assessment of PostgreSQL database security.

The Mandalorian Approach

Following an initial scoping meeting or call, we provide a fully scoped quote for your PostgreSQL Security Review. Our consultants perform the work in accordance with the agreed scope. Once complete, our consultants produce a report with a high-level executive summary, a detailed technical section and appendices for any relevant observations requiring further detail.

Typical Findings

While conducting PostgreSQL Security Reviews, Mandalorian consultants encounter many different types of weakness. Items often identified include:

  • Weak or null passwords for database users
  • Excessive role or schema permissions
  • Cryptographic weaknesses
  • Public schema accessible by all users
  • Listener bound to all network interfaces
  • Weak authentication methods in pg_hba.conf

Why Choose Mandalorian?

Mandalorian have years of experience hardening, testing and running PostgreSQL databases. We regularly test applications built using PostgreSQL and use it internally. Despite our expertise, this isn’t the main reason our customers choose us. Our customers choose us because of our incredible support. We’re flexible and work around your needs to create a bespoke assessment that suits you best. That’s why our customers keep coming back.

Next Steps

Call us now on 01256 830 146, or give us a few details about when your next health check is due and how we can help, and we’ll get back to you as soon as possible.