AppDetective™ Update 4.0.0 - 19 July 2004
ENHANCEMENTS
Microsoft SQL Server - NEW CHECKS
xp_readpkfromqueue buffer overflow (Simulate Attack)
Checks whether a buffer overflow occurs in the xp_readpkfromqueue extended stored procedure.
Risk Level - Low
xp_resetqueue buffer overflow (Simulate Attack)
Checks whether a buffer overflow occurs in the xp_resetqueue extended stored procedure.
Risk Level - Low
xp_sqlinventory buffer overflow (Simulate Attack)
Checks whether a buffer overflow occurs in the xp_sqlinventory extended stored procedure.
Risk Level - Low
xp_unpackcab buffer overflow (Simulate Attack)
Checks whether a buffer overflow occurs in the xp_unpackcab extended stored procedure.
Risk Level - Low
xp_peekqueue buffer overflow (Simulate Attack)
Checks whether a buffer overflow occurs in the xp_peekqueue extended stored procedure.
Risk Level - High
sp_OAMethod buffer overflow (Simulate Attack)
Checks whether a buffer overflow occurs in the sp_OAMethod extended stored procedure.
Risk Level - Low
sp_OACreate buffer overflow (Simulate Attack)
Checks whether a buffer overflow occurs in the sp_OACreate extended stored procedure.
Risk Level - Low
pwdencrypt buffer overflow (Simulate Attack)
Checks whether a buffer overflow occurs in the built-in pwdencrypt function.
Risk Level - High
xp_sprintf buffer overflow (Simulate Attack)
Checks whether a buffer overflow occurs in the xp_sprintf extended stored procedure.
Risk Level - High
DBCC addextendedproc buffer overflow (Simulate Attack)
Checks whether a buffer overflow occurs in the DBCC addextendedproc built-in function.
Risk Level - Low
Web Applications
- New Policy Editor - Policy editor that empowers users to customize and manage web application security checks.
- SQL Injection Inspector - New feature to test a parameter for susceptibility to SQL injection by comparing server responses to requests using SQL-equivalent values.
- Session ID Enumerator - New feature to enumerate Session IDs generated by the web application.
- Enhancements to Lotus Domino Checks - Checks for cross-site scripting in the OpenFrameset function, as well as enhancements to control the quantity of pages found.
- Advanced Scan Control - More granular controls empowering users to pause a scan or even skip forward to subsequent sets of checks.
Reports