--------------------------------------------------------------------------------
Application Inventory Report
--------------------------------------------------------------------------------
COMPANY NAME : Testing
PRINT DATE : 7/19/2004
SESSION DATE : 12/19/2003 12:58:11 PM
FOLDER NAME : HR
--------------------------------------------------------------------------------
REPORT DESCRIPTION:
Your network was inventoried for enterprise applications such as database, groupware, ERP, and Web servers. This inventory was conducted by scanning a range of IP addresses and investigating the responsive ports for the existence of applications. Utilizing a proprietary recognition system, the application type, version, and components of the discovered applications are identified.
An application inventory differs in many ways from a typical scan run by other security tools. Typical network scans are effective at finding IP addresses and collecting a list of ports that are responsive, but do not recognize the applications running on the ports. An application inventory, as performed by AppDetective, looks for specific applications and detects those applications even if they are listening on non-default ports. An application inventory also takes a scan to the next phase by performing an in-depth discovery of details about the application that a network scan cannot determine.
Once you have collected the inventory, the next step is to perform a penetration test against each application. A penetration test performs an external evaluation of the security as a hacker would view the application. After running a penetration test, the next step would be to run a security audit of the application. A security audit is a series of security tests run internally on an application. A security audit provides the most detailed view of your security and helps secure an application from non-privileged internal users as well as administrators.
Oracle Listener, Database, or External Procedure Server - Database applications from Oracle Corporation. The listener is the proxy between the client and server. The database is the system which stores the data. The external procedure server is a program which allows functions external to the database to be run from within the database.
Lotus Domino - An enterprise groupware application that provides email, message boards, workflow, and other services.
HTTP Web Server - An application which listens for and responds to HTTP requests.
Microsoft SQL Server - A database application from Microsoft.
Sybase Database - A database application from Sybase.
IBM DB2 DAS or Database Server - Database applications from IBM Corporation. The Database Administration Server (DAS) listens for client requests for database administration and other actions. The Database Server stores all of the data.
MySQL Database Server - Open Source Database application.
Unknown - Detected a component of an application but was unable to accurately obtain enough information to classify the application type (i.e. the application's version or platform).
REPORT SUMMARY:
--------------------------------------------------------------------------------
Vulnerabilities BY IP Address
------------------------------------------------------------
Application Type              Count
------------------------------------------------------------
Microsoft SQL Servers         2
MSDE Servers                  0
Oracle Databases              1
Domino Servers                2
Sybase Adaptive Servers       1
IBM DB2 Databases             0
MySQL Databases               1
HTTP Web Servers              0
------------------------------------------------------------
REPORT CONTENT:
--------------------------------------------------------------------------------
IP ADDRESS: 192.168.1.175
--------------------------------------------------------------------------------
Port    Application
--------------------------------------------------------------------------------
1521    Oracle External Proc (PLSExtProc)
1521    Oracle9i Database (HR_Data)
1521    Oracle9i Listener
--------------------------------------------------------------------------------
Powered by Application Security, Inc.