The De-Facto Standard for Corporate Auditors and IT Advisors
By an overwhelming margin, corporate auditors, IT advisors, and Federal Government OIGs have made AppDetectivePro their database scanning and vulnerability assessment solution of choice. Deployed in over 130 countries, AppDetectivePro has been used to assess hundreds of thousands of databases in every vertical market. A thorough examination of the databases that store and process critical business information is a critical component of any IT audit; AppDetectivePro enables auditors and advisors to complete the task quickly, reliably, and cost effectively.

Screenshot: AppDetectivePro "Session".
Database Security and Compliance Efforts Start with a Scan
Manually assessing the security posture of a database is a complex task that requires expertise and significant resources. Manually measuring and demonstrating compliance with industry and government regulations is even more difficult. Equipping your staff with AppDetectivePro™ immediately and significantly reduces the complexity of these tasks. IT auditors and advisors, regardless of skill level, can perform repeatable database security assessments, capture the results of manual control checks, and generate compliance reports. AppDetectivePro draws on AppSec, Inc.'s SHATTER knowledgebase, the industry's most complete collection of database vulnerability and misconfiguration checks, to provide the most comprehensive database assessment possible. The solution consists of three distinct functional modules:
- Database Discovery
- Database Vulnerability Assessment
- User Rights Review
Database Discovery
The critical first step in any IT audit is to identify all assets and applications residing on the network. AppDetectivePro's Database Discovery module provides visibility into the inventory of databases on a network. Connect a laptop running AppDetectivePro to the network and, without agents, database credentials, or prior knowledge of the environment, the solution scans for and identifies each reachable database by vendor and release level.
Vulnerability Assessment
AppDetectivePro has been the vulnerability assessment standard since the product was launched in 2002. With a policy-driven scanning engine, AppDetectivePro identifies vulnerabilities and misconfigurations. Issues identified include default or weak passwords, missing patches, poor access controls, and a host of other conditions. A flexible assessment framework allows auditors to choose between an outside-in, "hacker's-eye view" of the database, which requires no credentials, and a more thorough inside-out scan that uses a read-only database account.
AppDetectivePro includes built-in templates to satisfy the requirements of security best practices and various regulatory compliance initiatives. Compliance standards covered include DISA STIG, NIST 800-53 (FISMA), PCI DSS, HIPAA, GLBA, Sarbanes-Oxley, ISO 27001, COBIT, and Canada's MITS.
Pen Test
AppDetectivePro's Pen Test scan provides an outside-in view of database security posture that is safe to use on production systems. It performs no intrusive tests or risky attack simulations; instead it gathers a detailed view of the vulnerabilities that could give an outsider access to a database system, so that an organization can remediate them before they are exploited. Pen Tests run without scheduled downtime and fit within a tight maintenance window. They require no database login information or passwords: point the application at a database and results are delivered within seconds.
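The Database Discovery and Pen Test sections above both describe learning a database's vendor and release level, and something about its exposure, with no credentials at all. The script below is an added example, not AppDetectivePro's code or an AppSec, Inc. artifact, of how such unauthenticated fingerprinting works for one engine: a MySQL or MariaDB server sends its Initial Handshake packet (protocol version 10) immediately after the TCP connection, before any login, and that packet carries the server version string, the capability flags (including whether TLS is offered on the listener) and the default authentication plugin. The sample packets are constructed inline so the parser runs offline; `probe_mysql` does the live connect against a host you name. The function names and the wording of the findings are this example's own, not the product's.

```python
import re
import socket
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Capability bits from the MySQL client/server protocol.
CLIENT_SSL = 0x0800              # server accepts TLS on this listener
CLIENT_PLUGIN_AUTH = 0x00080000  # handshake carries an auth plugin name


@dataclass
class MySQLBanner:
    server_version: str
    connection_id: int
    capabilities: int
    auth_plugin: str

    @property
    def tls_offered(self) -> bool:
        return bool(self.capabilities & CLIENT_SSL)


def parse_mysql_handshake(raw: bytes) -> MySQLBanner:
    """Parse the Initial Handshake packet a MySQL/MariaDB server sends on
    connect (protocol v10). Nothing is sent to the server first: it volunteers
    all of this before authentication starts."""
    if len(raw) < 5:
        raise ValueError("packet too short")
    payload_len = raw[0] | (raw[1] << 8) | (raw[2] << 16)  # 3-byte LE length
    payload = raw[4:4 + payload_len]                       # byte 3 is the sequence id
    if len(payload) < payload_len or payload[0] != 10:
        raise ValueError("not a v10 handshake")
    end = payload.index(b"\x00", 1)
    server_version = payload[1:end].decode("ascii", "replace")
    pos = end + 1
    (conn_id,) = struct.unpack_from("<I", payload, pos)
    pos += 4 + 8 + 1                      # connection id, auth-data part 1, filler
    (cap_low,) = struct.unpack_from("<H", payload, pos)
    pos += 2 + 1 + 2                      # capabilities (low), charset, status flags
    (cap_high,) = struct.unpack_from("<H", payload, pos)
    pos += 2
    caps = (cap_high << 16) | cap_low
    auth_len = payload[pos]
    pos += 1 + 10                         # auth-data length byte, reserved
    pos += max(13, auth_len - 8)          # auth-data part 2
    auth_plugin = ""
    if caps & CLIENT_PLUGIN_AUTH:
        name_end = payload.find(b"\x00", pos)
        auth_plugin = payload[pos:None if name_end < 0 else name_end].decode("ascii", "replace")
    return MySQLBanner(server_version, conn_id, caps, auth_plugin)


def fingerprint(server_version: str) -> Tuple[str, str]:
    """Split the version string into (vendor, release). MariaDB 10.x prefixes
    its version with '5.5.5-' for old-client compatibility; strip that."""
    v = server_version
    vendor = "MariaDB" if "MariaDB" in v else "MySQL"
    if vendor == "MariaDB" and v.startswith("5.5.5-"):
        v = v[len("5.5.5-"):]
    m = re.match(r"(\d+\.\d+\.\d+)", v)
    return vendor, (m.group(1) if m else v)


def findings(banner: MySQLBanner) -> List[str]:
    """Outside-in checks that need nothing but the handshake."""
    out = []
    if not banner.tls_offered:
        out.append("listener does not offer TLS; logins and data cross the network in clear")
    if banner.auth_plugin == "mysql_native_password":
        out.append("default auth plugin is mysql_native_password (legacy SHA1-based scheme)")
    return out


def build_sample_handshake(version: bytes, caps: int, plugin: bytes) -> bytes:
    """Constructed test packet in the v10 layout (not a real server capture)."""
    payload = bytes([10]) + version + b"\x00"
    payload += struct.pack("<I", 42)                   # connection id
    payload += b"A" * 8 + b"\x00"                      # auth-data part 1, filler
    payload += struct.pack("<H", caps & 0xFFFF)
    payload += bytes([0x21])                           # utf8_general_ci
    payload += struct.pack("<H", 0x0002)               # SERVER_STATUS_AUTOCOMMIT
    payload += struct.pack("<H", caps >> 16)
    payload += bytes([21]) + b"\x00" * 10              # auth-data length, reserved
    payload += b"B" * 12 + b"\x00"                     # auth-data part 2 (13 bytes)
    payload += plugin + b"\x00"
    return struct.pack("<I", len(payload))[:3] + b"\x00" + payload


def probe_mysql(host: str, port: int = 3306, timeout: float = 3.0) -> Optional[MySQLBanner]:
    """Live probe: connect, read the greeting, send nothing. Returns None if closed."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            return parse_mysql_handshake(s.recv(4096))
    except (OSError, ValueError):
        return None


if __name__ == "__main__":
    sample = build_sample_handshake(b"5.5.5-10.6.12-MariaDB", 0x00088200, b"mysql_native_password")
    b = parse_mysql_handshake(sample)
    print(fingerprint(b.server_version), "TLS offered:", b.tls_offered, "plugin:", b.auth_plugin)
    for f in findings(b):
        print(" -", f)
```

Run it with no arguments to see the constructed MariaDB sample classified; swap in `probe_mysql("db.example.internal")` to run the same parser against a live listener. Note that the probe reads a single packet and never sends a login, which is why it is safe on production systems, and that a version string alone is only a starting point: whether a missing patch is actually exploitable still needs the credentialed Audit scan described next.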
Security Audit
For a more detailed, "inside-out" perspective of vulnerabilities and a complete assessment of database configuration settings, AppDetectivePro offers its Audit scan. Audits require minimal access to the databases being scanned; a read-only account with no access to sensitive user data is all that is required to perform a complete analysis. Audits extend beyond a Pen Test, identifying the security holes that could allow an outsider access to a database, and in addition provide a detailed view of potential avenues of insider privilege abuse, where insiders use their legitimate privileges to gain inappropriate access to data or functionality. AppDetectivePro Audit scans allow organizations to protect sensitive information residing in database applications, guard against unauthorized outsider and insider access, and demonstrate compliance with relevant requirements.
Vulnerability Knowledgebase, Up-to-Date Support
AppDetectivePro is based on the industry's largest known collection of database-specific vulnerabilities. Compiled by Team SHATTER, AppSec, Inc.'s threat research organization, the knowledgebase and its associated checks deliver coverage across all major database platforms. The knowledgebase is updated on a regular basis through AppSec, Inc.'s ASAP Updates, ensuring that the most recent vulnerabilities can be identified and remediated.
Work Plans and Policies
A thorough database assessment is more than just the scan. It includes checking controls beyond database configurations and parameter settings. Understanding the business process, how the application interacts with the database, and procedural operations such as backup and audit log review policies rounds out a complete database assessment. AppDetectivePro Work Plans extend the auditor's ability to capture that control information in a questionnaire. An auditor can record what the password policy controls are, run scans against the database's password parameters, and independently conclude whether a control is in compliance.
AppDetectivePro Reporting
AppDetectivePro's reporting system allows organizations to easily report all database and application intelligence to appropriate stakeholders. Reporting options include: Inventory reports, Vulnerability Details and Summary reports, User Rights reports, Policy reports, and various others. Reports can be output in multiple formats including: PDF, Excel, Word, Crystal, HTML, XML and Text.
KEY FEATURES
- Automated database discovery and inventory
- Database-specific vulnerability assessment
- Compliance work plans and policies
- Industry leading database vulnerability knowledgebase
- Concurrent database scanning
- Deep analysis of user and role permissions
- Advanced, customizable reporting
- Easy to deploy, configure and use
SYSTEM REQUIREMENTS
- Operating System: Microsoft Windows XP Professional SP2 or later, Microsoft Windows Vista
- Browser: Internet Explorer version 7 or later
- RAM: 1 GB or more
- Hard Drive: 300 MB of free disk space with additional space required to store vulnerability information
- Database: (Optional for storing AppDetectivePro results) Microsoft SQL Server 2008, 2005, 2000 or MSDE 2000 SP4