Home page logo
/

basics logo Security Basics mailing list archives

CASE Tools - Question
From: "Craig Wright" <cwright () bdosyd com au>
Date: Thu, 8 Mar 2007 15:13:30 +1100


Hello,
Currently I am using the reverse engineering function in Xcase 8.1 to
create ERD (entity relionship diagrams) for client databases so that I
can check and verify both key and operational controls over the
database.

Xcase 8.1 digrams the relationships and general features of the RDBS
very well (including entity integrity, domain integrity and relational
integrity). It details some security functions and control (such as
triggers) as is related to the business rules. It provides the Select
statements used in views and the stored procedures.

However - it does not process the authentication controls over tables
and many other typical security checks (and I understand that this is
not why case tools have been designed).

I am not interested in a database vulnerability scanner - these do not
check business rules or controls and I have tools for database
vulnerability checking.

The question is, Is there a CASE product that anyone on the list knows
of that ALSO maps the ACLs and other security controls - such as
authorisations and ownership for a database. In this it has to be able
to map the ERD - but with the ACLs as a field in the table, relations
and constraints fields?

Requirements
Supports Reverse engineering of MSSQL, MySQL and Oracle RDBMS's
ERD - Conceptual Level and ERD - Physical Level display
Relational Data Model (RDM) reporting and SQL Script reporting
But also -
        ACL and ownership information for all relationships, triggers,
tables etc
???

Thanks,
Craig

        Dr Craig S Wright DTh MNSA MMIT CISA CISM CISSP ISSMP ISSAP
G7799 GCFA AFAIM
        Nam et ipsa scientia potestas es - Knowledge is power. (Sir
Francis Bacon)
Manager - Computer Assurance Services
BDO Chartered Accountants & Advisers
Level 19, 2 Market Street,
Sydney, NSW 2001
Telephone: +61 2 9286 5555
Fax: +61 2 9993 9705
Direct: +61 2 9286 5497
<Mailto:CWright () bdosyd com au>


Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within 
those States and Territories of Australia where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is confidential. If you are not the intended recipient, you 
must not use or disclose the information. If you have received this email in error, please inform us promptly by reply 
email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. 

Any views expressed in this message are those of the individual sender. You may not rely on this message as advice 
unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by 
a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, 
interception, corruption or unauthorised access.


  By Date           By Thread  

Current thread:
  • CASE Tools - Question Craig Wright (Mar 08)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]