
Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.


Imperva launches a free database security scanner

Imperva have launched a free database security scanner called Scuba. I have downloaded and tested the tool and whilst it has some teething troubles it's a great tool, not just because it's free. Imperva, via their ADC (Application Defence Center), will support the tool and add checks to it.

The tool supports Oracle, IBM DB2, MS SQL Server and Sybase. The tool is written in Java and employs a framework approach so adding new checks is done via an upgrade rather than a re-install.

I tested the tool locally against an Oracle database and got some results. There are a lot of Oracle checks, in excess of 100, some of which are old and I felt incorrect - in terms of results and also levels of severity. Also I was not enamoured by the registration process, which failed for me! I sent some feedback to Imperva and they will take it on board; they have let me know that they will start a forum to allow feedback to be given more easily.

The tool is free though and it's a good tool that will get better with feedback and development. Get on over to Imperva and download it; it's worth a look.