Safest Way to Penetration Test an Oracle DB with Potential Data Loss
692158Mar 28 2009 — edited Mar 28 2009Hi,
I was wondering what the safest way to protect Oracle from data loss when running a web application scan. We currently have an external company about to perform a web application scan and they warned us of potential data loss. However, we can't afford much downtime and our storage doesn't support things such as Copy on Write. What would you recommend? Do you think that something like putting the database in read-only mode for the duration of the test (2 hours) and enabling audit on all actions would be sufficient (we could then review the audit to see if any unauthorized calls were made)? Thanks.