Pete Finnigan's Oracle Security Weblog

Imperva have launched a free database security scanner called Scuba. I have downloaded and tested the tool and whilst it has some teething troubles its a great tool not just because its free. Imperva via their ADC (Application Defence Center) will support the tool and add checks to it.

The tool supports Oracle, IBM DB2, MS SQL Server and Sybase. The tool is written in Java and employs a framework approach so adding new checks is done via an upgrade rather than a re-install.

I tested the tool locally against an Oracle database and got some results. There is a lot of Oracle checks, in excess of 100, some of which are old and I felt incorrect - in terms of results and also levels of severity. Also I was not enamoured by the registration process which failed for me! I sent some feedback to Imperva and they will take it on board, they have let me know that they will start a forum to allow feedback to be given more easily.

The tool is free though and its a good tool that wll get better with feedback and development. Get on over to Imperva and download it, its worth a look.