Imperva Releases Free Database Vulnerability Scanner

Imperva has announced Scuba by Imperva, a free database vulnerability scanner. Created by the Imperva Application Defense Center, an internationally-recognized security research organization, Scuba by Imperva safely identifies and documents vulnerabilities and misconfigurations in production databases.

Databases are subject to security and compliance mandates because they contain sensitive information such as customer records, credit card numbers, and corporate financials. Database assessment is the first step in establishing a secure and compliant database infrastructure. Scuba by Imperva is a software utility specially designed to support the database assessment efforts of database, compliance, and information security professionals.

Scuba by Imperva is a free, lightweight Java utility available for download. The software scans Oracle, Microsoft SQL Server, IBM DB2, and Sybase databases for hundreds of vulnerabilities that facilitate SQL injection, buffer overflow, and other attacks. It also detects configuration problems like insecure passwords, unsafe processes, unrestricted permission levels, and more. Scuba by Imperva contains over 350 database assessment tests, and additional tests will be periodically added by the Imperva Application Defense Center.

Scuba by Imperva is safe to use on production databases. It was designed to support only legitimate assessment activity by authorized corporate staff. It requires a valid database administration login and password and only tests for the existence of conditions that comprise vulnerabilities. Scuba by Imperva does not run exploits against the database or provide information useful to exploiting the vulnerabilities it finds.

Users simply download Scuba by Imperva and configure the software on their PC by entering the IP address of the database they want to assess along with a database administrator username and password. Within minutes, Scuba by Imperva generates reports that address the needs of security, compliance, and database staff or management.

Scuba by Imperva is designed to be accurate and specific to the deployment characteristics of each database. Scuba by Imperva goes beyond simply checking for the database version number and reporting a standard list of vulnerabilities. Scuba by Imperva checks to see if each vulnerable object is actually installed and whether it can be accessed by a non-privileged user. Only if both conditions are true will the tool report the existence of the corresponding vulnerability.

Scuba by Imperva reports are available in HTML and Java, and enable the prioritization of vulnerabilities and misconfigurations. A summary report provides an overall risk assessment of each database, including the total assessments passed and failed, and a distribution of discovered vulnerabilities by severity. A detailed report includes pass/fail results for each vulnerability test as well as a high, medium or low severity ranking.

Scuba by Imperva helps organizations comply with industry and government regulatory mandates. An initial assessment provides a prioritized list of vulnerabilities and configuration issues that need remediation. Once the issues are addressed, Scuba by Imperva can be run again to generate reports documenting that effective best practices are being followed to secure sensitive databases.



© 2007 Networking News