Information Security Magazine

Product Review: Application Security Inc.'s AppDetectivePro
Issue: Oct 2008

VULNERABILITY MANAGEMENT

AppDetectivePro
REVIEWED BY MIKE CHAPPLE

Application Security Inc.
Price: $900 per database instance annual subscription fee

AppDetectivePro fills a critical niche that goes beyond conventional vulnerability scanners, performing "deep dive" inspections of database configuration to identify security issues. It's ideal for internal and external auditors, security professionals, consultants and others who need to perform on-the-fly database vulnerability assessments.


Policy Control: B

AppDetectivePro supports Microsoft SQL Server, Oracle, IBM DB2, Sybase and MySQL. The subscription fee includes a comprehensive collection of predefined security checks for each platform.

The checks are updated only monthly, which could mean a significant lag between discovery of a serious flaw and the ability to detect it.

Users may augment the built-in policies with custom checks written in SQL.

Configuration/Management: A

Installation and initial configuration is straightforward. The software uses a standard installation wizard and works best when used with a SQL Server database to store results. AppDetectivePro offers three assessment methodologies: database discovery, penetration testing and auditing.

Database discovery allows you to scan a network for the presence of databases that may then be further assessed. Any AppDetectivePro license includes unlimited discovery scanning. You may purchase additional licenses to perform penetration tests and/or audit scans on any discovered database instances. Scan characteristics are highly customizable, allowing you to specify the ports scanned and technique for live host detection.

Penetration testing attempts to gain information about and access to the database without credentials, simulating the access an outsider might be able to gain to your network. It does not actually attempt to exploit any vulnerabilities; it just uses fingerprinting techniques to determine the database version and patch level.

The true value of the product shines through in the database audit functionality. The audit begins by retrieving a large amount of configuration information from the target database (usernames and password hashes, object/privilege listings, details on linked servers, etc.) and stores it locally on the scanning workstation, where AppDetectivePro performs its analysis.

