Application Security Inc. - Database Security, Monitoring, Assessment, Auditing, Encryption, and Regulatory Compliance.
 
 
 
AppSec Inc Support

Security Updates - ASAP™ Updates
(Application Security Automatic Protection)

ASAP Update - 19 June 2008

ENHANCEMENTS IN THIS ASAP UPDATE INCLUDE:

Product: DbProtect Vulnerability Assessment Scan Engine (AppDetective)

ORACLE
  • NEW! Critical Patch Update - April 2008
    Examines if the database contains vulnerabilities fixed by the CPU.
    Risk Level - High

  • NEW! OS_ROLES configuration parameter is NOT set to FALSE
    Examines if the parameter is not set to FALSE.
    Risk Level - Medium

  • NEW! Audit Table is not owned by SYS, SYSTEM or a protected account
    Examines if the Audit Table is not owned by SYS, SYSTEM, or a protected account.
    Risk Level - Medium

  • NEW! RESOURCE_LIMIT configuration parameter is NOT set to TRUE
    Examines the configuration parameter to see if it is set to TRUE.
    Risk Level - Medium

  • NEW! Idle Time Resource Usage Limit
    Examines if the limit is set to be less than or equal to 15.
    Risk Level - Medium

  • NEW! XML DB Protocol Server
    Examines if the Oracle XML DB Protocol is enabled or not.
    Risk Level - Medium

  • NEW! Database Demonstration Objects
    Examines for the presence of default accounts and objects created for demonstration applications.
    Risk Level - Medium

  • NEW! SYSDBA Privilege Assignments
    Examines for SYSDBA privilege granted to unauthorized DBAs.
    Risk Level - Medium

  • NEW! SQLNET.EXPIRE_TIME Parameter
    Examines if the parameter is set to greater than 0 in the sqlnet.ora file.
    Risk Level - Medium

  • NEW! _TRACE_FILES_PUBLIC undocumented configuration parameter is NOT set to FALSE
    Examines if the parameter is not set to FALSE.
    Risk Level - Medium

  • NEW! GLOBAL_NAMES configuration parameter is set to FALSE
    Examines if the parameter is set to FALSE.
    Risk Level - Low

  • NEW! Oracle Predefined Roles
    Examines for predefined roles granted to non-DBA accounts.
    Risk Level - Low

  • NEW! Database Creation SPOOLMAIN.LOG File
    Examines for the presence of the SPOOLMAIN.LOG file.
    Risk Level - Low

  • NEW! Role Permissions
    Examines the alter, index, and reference privileges granted to roles.
    Risk Level - Low

  • NEW! Redo Log Files configuration
    Examines whether the number of redo log groups and files is at least two.
    Risk Level - Low

SYBASE
  • Added Target Database Support for Sybase ASE 15

  • Added Support for Adaptive Server Enterprise ODBC Driver (available with version 15 client driver)

  • UPDATED! Latest patch not applied
    Examines all the latest ESDs for 12.5.3, 12.5.4, and 15.
    Risk Level - High