Security Basics mailing list archives

CASE Tools - Question


From: "Craig Wright" <cwright () bdosyd com au>
Date: Thu, 8 Mar 2007 15:13:30 +1100


Hello,
Currently I am using the reverse engineering function in Xcase 8.1 to
create ERDs (entity relationship diagrams) for client databases so that I
can check and verify both key and operational controls over the
database.

Xcase 8.1 diagrams the relationships and general features of the RDBMS
very well (including entity integrity, domain integrity and relational
integrity). It details some security functions and controls (such as
triggers) as related to the business rules. It provides the Select
statements used in views and the stored procedures.

However - it does not process the authentication controls over tables
and many other typical security checks (and I understand that this is
not why CASE tools have been designed).

I am not interested in a database vulnerability scanner - these do not
check business rules or controls and I have tools for database
vulnerability checking.

The question is: is there a CASE product that anyone on the list knows
of that ALSO maps the ACLs and other security controls - such as
authorisations and ownership for a database? In this it has to be able
to map the ERD - but with the ACLs as a field in the table, relations
and constraints fields.

Requirements
Supports reverse engineering of MSSQL, MySQL and Oracle RDBMSs
ERD - Conceptual Level and ERD - Physical Level display
Relational Data Model (RDM) reporting and SQL Script reporting
But also -
        ACL and ownership information for all relationships, triggers, tables etc
???

Thanks,
Craig

        Dr Craig S Wright DTh MNSA MMIT CISA CISM CISSP ISSMP ISSAP
G7799 GCFA AFAIM
        Nam et ipsa scientia potestas est - Knowledge is power. (Sir
Francis Bacon)
Manager - Computer Assurance Services
BDO Chartered Accountants & Advisers
Level 19, 2 Market Street,
Sydney, NSW 2001
Telephone: +61 2 9286 5555
Fax: +61 2 9993 9705
Direct: +61 2 9286 5497
<Mailto:CWright () bdosyd com au>

