Imperva, a provider of data security and compliance
solutions for the data center, recently announced the release of a freeware database
vulnerability scanner that detects vulnerabilities and misconfigurations for
databases such as Oracle, SQL Server, Sybase, and DB2. This freeware tool is developed
by the Imperva Application Defense Center (ADC), an internationally-recognized
security research organization.
Security in Production databases often gets overlooked
because the security staff is so caught up in making sure the operating system
is patched that database security falls to the wasteland. Secure databases are
just as important as secure operating systems. Databases contain very sensitive
information such as social security numbers, credit cards, and financials. If
this data is compromised, it could spell disaster for your corporate image.
With Scuba by Imperva,
you can download the completely free java utility (Sun
Java JRE 1.4+ ) to a client machine running Windows 98/NT/2000/XP and
connect to a database server on your network. The free tool scans for
vulnerabilities such as SQL injection, buffer overflow as well configuration
issues such as weak passwords, unsafe processes, and unrestricted permission
By simply entering the applicable IP address and proper
database login credentials of the database you want to assess, Scuba runs over
351 assessment tests and generates an easy-to-read HTML or JAVA report that
detects vulnerabilities and configuration weaknesses. The assessment report
will also provide you a severity level (high, medium, and/or low) and whether
the assessment run against the database passed or failed.
According to Amichai Shulman, CTO, Imperva, by increasing
awareness of database vulnerabilities through its free offering of Scuba, Imperva
can offer additional products for sale to help secure your infrastructure on
the back end. He went on to say that using a tool such as Scuba allows the
security professionals to empower database administrators (DBA) to make sure
databases are as secure as possible with little or no effort taken away from a
DBAs day-to-day tasks.
Scuba by Imperva is currently available at www.imperva.com/scuba and is
offered as a free download after registering. Download it today.
Imperva is a provider of data security and compliance
solutions for the data center. The Imperva product line provides an automated
and transparent approach to protecting and controlling sensitive data
throughout transactional data systems. The Imperva database and Web application
appliances are deployed in leading financial, retail, telecommunications, healthcare,
and government organizations around the globe. Founded over five years ago by Shlomo
Kramer, recently named one of the 20 luminaries who changed the network
industry, Imperva is a solid, privately held company with growing revenues and
backing from Accel Partners, Greylock Partners, US Venture Partners, and Venrock
Associates. For more information, visit www.imperva.com.
See All Articles by Columnist Steven S. Warren