Security Basics mailing list archives

RE: Database Security Assessment


From: "Erin Carroll" <amoeba () amoebazone com>
Date: Tue, 17 Jul 2007 22:36:52 -0700

For commercial solutions, I would second the recommendations to look into
AppSec and NGS. ISS discontinued their Database scanner product ~18 months
ago and the technology was picked up by AppSec and incorporated into their
existing DbProtect AppScan product. NGS pretty much invented DB scanning
tools and/or has been in the market for a very long time with a proven track
record.

On the free side, you may also want to look at SCUBA from Imperva. You don't
mention what flavor of DB you're auditing and that does make a difference in
what tools to look into. Depending on your budget and criteria, any of the
suggested tools so far should work for your situation but take your time in
evaluating the products and putting them through their paces.

Hope that helps,

--
Erin Carroll
Moderator
SecurityFocus pen-test list
"Do Not Taunt Happy-Fun Ball" 

-----Original Message-----
From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com] On Behalf Of Buz Dale
Sent: Tuesday, July 17, 2007 11:58 AM
To: sfmailsbm () gmail com
Cc: security-basics () securityfocus com
Subject: Re: Database Security Assessment

I like AppDetective from AppSecInc.com. They seem to do a good 
job of checking for a lot of stuff.
Good Luck,
Buz

On 17 Jul 2007 11:48:58 -0000, sfmailsbm () gmail com 
<sfmailsbm () gmail com> wrote:
Dear List,
We are in the process of designing a process to audit Database 
security (parameter setup, audit logs, etc.).

Just wanted to know what tools/scripts are available to go about 
performing such an audit by just scanning the DB (commercial & open 
source).

Googled on the subject, but would like to get some feedback from 
people who have already gone through this phase.

Many thanks to all,

Ronish




-- 
Buz Dale                                buz.dale () usg edu
IT Security Specialist              1-888-875-3697 (In GA)
1-706-583-2005
Office of Information and Instructional Technology University 
System of Georgia GMT -5:00


