AppDetective™ Update 3.2.7 - 07 October 2003
NEW CHECKS (IBM DB2):
db2start format string overflow:
Checks if the database is vulnerable to a format string buffer overflow in the db2start binary.
Risk Level - High
LOAD buffer overflow:
Checks if the database is vulnerable to a buffer overflow in the LOAD command.
Risk Level - High
INVOKE buffer overflow:
Checks if the database is vulnerable to a buffer overflow in the INVOKE command.
Risk Level - High
Connect handshake overflow:
Checks if the database is vulnerable to a buffer overflow in the connection handshake.
Risk Level - High
Password in registry:
Checks for the existence of an unsecured password in the registry.
Risk Level - Medium
NEW CHECKS (Oracle):
Not using NTFS partition:
Determines whether or not the Oracle home directory resides on an NTFS partition.
Risk Level - Medium
Registry permissions:
Checks that excessive permissions have not been granted on Oracle registry keys or values.
Risk Level - High
Service runs as LocalSystem:
Checks for Oracle services running under the LocalSystem account.
Risk Level - Low
Permissions on files:
Checks that excessive permissions have not been granted on Oracle operating system files. These files include all files under the Oracle installation directory.
Risk Level - Medium
Setgid bit enabled:
Finds any files with the setgid bit enabled.
Risk Level - Medium
Setuid bit enabled:
Finds any files with the setuid bit enabled.
Risk Level - Medium
NEW CHECKS (Microsoft SQL Server):
Not using NTFS partition:
Determines whether or not the MSSQL home directory resides on an NTFS partition.
Risk Level - Medium
Registry permissions:
Checks that excessive permissions have not been granted on MSSQL registry keys or values.
Risk Level - High
Service runs as LocalSystem:
Checks for MSSQL services running under the LocalSystem account.
Risk Level - Low
Permissions on files:
Checks that excessive permissions have not been granted on MSSQL operating system files. These files include all files under the MSSQL installation directory.
Risk Level - Medium
NEW CHECKS (Sybase Adaptive Server):
Not using NTFS partition:
Determines whether or not the Sybase home directory resides on an NTFS partition.
Risk Level - Medium
Registry permissions:
Checks that excessive permissions have not been granted on Sybase registry keys or values.
Risk Level - High
Service runs as LocalSystem:
Checks for Sybase services running under the LocalSystem account.
Risk Level - Low
Permissions on files:
Checks that excessive permissions have not been granted on Sybase operating system files. These files include all files under the Sybase installation directory.
Risk Level - Medium
Setgid bit enabled:
Finds any files with the setgid bit enabled.
Risk Level - Medium
Setuid bit enabled:
Finds any files with the setuid bit enabled.
Risk Level - Medium
HTML version of existing reports added
New Reports added (HTML and Crystal Reports versions):
Summary Report for Session:
Creates a summary list of all the applications and vulnerabilities in a session.
Summary Report for Folder:
Creates a summary list of all the applications and vulnerabilities in a folder.
Exporting / Importing for AppDetective for Web Applications
Reports added to AppDetective for Web Applications
Web Crawl Enhancements to AppDetective for Web Applications
Help File Enhancements