Security Basics mailing list archives
RE: Database Security Assessment
From: "Erin Carroll" <amoeba () amoebazone com>
Date: Tue, 17 Jul 2007 22:36:52 -0700
For commercial solutions, I would second the recommendations to look into AppSec and NGS. ISS discontinued their Database scanner product ~18 months ago and the technology was picked up by AppSec and incorporated into their existing DbProtect AppScan product. NGS pretty much invented DB scanning tools and/or has been in the market for a very long time with a proven track record. On the free side, you may also want to look at SCUBA from Imperva. You don't mention what flavor of DB you're auditing and that does make a difference in what tools to look into. Depending on your budget and criteria, any of the suggested tools so far should work for your situation but take your time in evaluating the products and putting them through their paces. Hope that helps, -- Erin Carroll Moderator SecurityFocus pen-test list "Do Not Taunt Happy-Fun Ball"
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Buz Dale Sent: Tuesday, July 17, 2007 11:58 AM To: sfmailsbm () gmail com Cc: security-basics () securityfocus com Subject: Re: Database Security Assessment I like AppDetective from AppSecInc.com They sem to do a good job of chekcing for a lot of stuff. Good Luck, Buz On 17 Jul 2007 11:48:58 -0000, sfmailsbm () gmail com <sfmailsbm () gmail com> wrote:Dear List, We are in the process of designing a process to audit Database security (parameter setup, audit logs, etc) Just wanted to know what tools/scripts are available to go about performing such an audit by just scanning the DB (commercial & open source) Googled on the subject, but would like to get some feedback from people who have already gone through this phase many thanks to all Ronish-- Buz Dale buz.dale () usg edu IT Security Specialist 1-888-875-3697 (In GA) 1-706-583-2005 Office of Information and Instructional Technology University System of Georgia GMT -5:00
Current thread:
- Database Security Assessment sfmailsbm (Jul 17)
- Re: Database Security Assessment Buz Dale (Jul 17)
- RE: Database Security Assessment Erin Carroll (Jul 18)
- <Possible follow-ups>
- Re: Database Security Assessment K. Brian Kelley (Jul 17)
- Re: Database Security Assessment mark (Jul 17)
- Re: Re: Database Security Assessment dbennett8 (Jul 18)
- Re: Database Security Assessment Buz Dale (Jul 17)