Imperva releases freeware database vulnerability scanner
February 28, 2007
Imperva, a provider of data security and compliance solutions for the data center, recently announced the release of a freeware database vulnerability scanner that detects vulnerabilities and misconfigurations for databases such as Oracle, SQL Server, Sybase, and DB2. This freeware tool is developed by the Imperva Application Defense Center (ADC), an internationally-recognized security research organization.
Security in Production databases often gets overlooked because the security staff is so caught up in making sure the operating system is patched that database security falls to the wasteland. Secure databases are just as important as secure operating systems. Databases contain very sensitive information such as social security numbers, credit cards, and financials. If this data is compromised, it could spell disaster for your corporate image.
With Scuba by Imperva, you can download the completely free java utility (Sun Java JRE 1.4+ ) to a client machine running Windows 98/NT/2000/XP and connect to a database server on your network. The free tool scans for vulnerabilities such as SQL injection, buffer overflow as well configuration issues such as weak passwords, unsafe processes, and unrestricted permission levels.
By simply entering the applicable IP address and proper database login credentials of the database you want to assess, Scuba runs over 351 assessment tests and generates an easy-to-read HTML or JAVA report that detects vulnerabilities and configuration weaknesses. The assessment report will also provide you a severity level (high, medium, and/or low) and whether the assessment run against the database passed or failed.
According to Amichai Shulman, CTO, Imperva, by increasing awareness of database vulnerabilities through its free offering of Scuba, Imperva can offer additional products for sale to help secure your infrastructure on the back end. He went on to say that using a tool such as Scuba allows the security professionals to empower database administrators (DBA) to make sure databases are as secure as possible with little or no effort taken away from a DBAs day-to-day tasks.
Scuba by Imperva is currently available at www.imperva.com/scuba and is offered as a free download after registering. Download it today.
Imperva is a provider of data security and compliance solutions for the data center. The Imperva product line provides an automated and transparent approach to protecting and controlling sensitive data throughout transactional data systems. The Imperva database and Web application appliances are deployed in leading financial, retail, telecommunications, healthcare, and government organizations around the globe. Founded over five years ago by Shlomo Kramer, recently named one of the 20 luminaries who changed the network industry, Imperva is a solid, privately held company with growing revenues and backing from Accel Partners, Greylock Partners, US Venture Partners, and Venrock Associates. For more information, visit www.imperva.com.