|
EffectivenessA
AppDetectivePro identified a number of vulnerabilities in our database configuration. These included obvious, glaring errors that we intentionally introduced, such as blank administrator passwords, missing service packs and unapplied patches. It also identified more subtle configuration issues, such as improper permissions on registry extended stored procedures; the use of local SQL Server authentication (a non-recommended practice); the presence of sample databases; and failure to implement best practices for database activity auditing.
The descriptions provide detailed information on the vulnerabilities, their source, potential solutions and references for additional information.
ReportingA-
AppDetectivePro includes nine canned reports that pr...
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
ovide useful information for various levels of management and technical staff. These include an application inventory, summary reporting, high-level and detailed vulnerability reports and information on user accounts. You can also generate differential trend reports to evaluate the status of scanned databases over time. Output is available in Crystal Reports, HTML, XML and text.
AppDetectivePro stores results in an Access database on the local system, but you may also configure it to use SQL Server.
Verdict
AppDetectivePro is an excellent solution for auditors, security professionals and consultants to capture snapshots of database security status.
Testing methodology: We tested AppDetectivePro in a VMware environment using Windows Server 2003 and SQL Server 2005.
|
 |
|
